Email Security Portal - Check Point

Contents

Overview
Log In
- Option 1 - SSO (user mailboxes only)
- Option 2 - Enter email address (shared mailboxes or user mailboxes)
Quarantine Email
- Request Quarantine Email Release
Trusted Senders
- Manage Trusted Senders

Overview

The Email Security Portal is a website provided by one our email security solution providers, Check Point. This is the place where users can manage both quarantine emails and Trusted Senders.

Log In

There are two methods for logging in to the Email Security Portal. The first and recommended method for standard user emails accounts is to use the "Sign in with Microsoft" button for SSO login. The alternative method, required for shared mailboxes, is to type your email address in the "Enter your email address" box.

Option 1 - SSO (user mailboxes only)

This is the easiest option for signing in to the Email Security Portal for standard user account emails. Use the other option if signing in to a shared mailbox account.

Go to Email Security Portal.
Click on "Sign in with Microsoft".
Select your account, if available. If it is not there, click on "Use another account" and complete your Microsoft sign in with your email account.

Option 2 - Enter email address (shared mailboxes or user mailboxes)

This is the only supported method for signing into the Email Security Portal with a shared mailbox.

Enter the email address that you are trying to sign into in the "Enter your email address" box.
Go to the inbox of the email address you entered and wait for an email from no-reply@checkpoint.com to appear. Open it and copy the verfication code.
Go back to the Email Security Portal webpage, paste the verification code, then click Submit.

Quarantine Email

Quarantine email is an email message that has been scanned by the security software that it has determined to be potentially malicious.

Users will only be notified that they received a phishing email via the daily email digest. However, you can request new email digests at any time. Please visit the email digest page for more information.

Once you have logged in to the Email Security Portal you can click on either "Quarantine" towards the upper left side of the site or "Find quarantined emails" in the center. You can also check on the status of requests you have previously made to have quarantine emails released by clicking on "Check on my restore requests".

All your quarantine emails appear will show up here. Emails in quarantine are now visible in a secure manner from the Email Security Portal. Instead of only knowing the sender and subject, you can now review the email message text. Pictures and attachments are not visible for security purposes.

Request Quarantine Email Release

There are two types of quarantine email, suspected phishing and phishing.

Suspected phishing emails are emails that the system thinks could be malicious but is not certain enough to classify it as the higher tier level of quarantine. These emails still make it to the Email Security Portal but can be released by you without system or admin approval due to the lower confidence that the system has of it being harmful. Still use increased caution with these emails. Being able to release them does not mean they are any less dangerous if they are actually malicious.
Phishing emails on the other hand are emails that the security system has a high degree of confidence that email is malicious. These emails will require you to request that the email be released. The system will automatically rescan the email and send an automated email or email administrator to release it to your inbox.

If there is an email in quarantine that you would like to release:

Review the email thoroughly in the Email Security Portal to make sure you feel that the email is safe and legitimate.
Click "Request Restore" on the bottom right of the email you want to release.
1. If the email is labeled as "Suspected Phishing", you will just click on "Submit" on the message that pops up and then you are done. The email will be released to your inbox without needing an automated reevaluation or an administrator to release it for you.
On the Request Restore pop up, briefly explain why you are requesting the email to be released, then press "Submit" and close out of the Request Submitted pop up message.
The security system will automatically reevaluate the email. The process can take a while for it to complete, but once it finishes it will email you the result of its new scan. On top sending a notification email to you, the following actions will be taken based on the outcome.
1. If the reevaluation finds the email to be clean, the security system will automatically release the email to your inbox without needing an admin to release it.
2. If the reevaluation finds the email to be malicious, the security system will keep the email in quarantine. The email you receive will list the reasons it believes the email is malicious. The system will also notify admins to review the email to determine if they agree or disagree with the findings. You will be notified via email once an admin has reviewed the email and what their determination of the email is.
3. If the reevaluation finds the email to be inconclusive, the security system will keep the email in quarantine. The email you receive will let you know that the system is unable to make a decision whether the email is safe or not. The system will also notify admins to review the email. You will be notified via email once an admin has reviewed the email and what their determination of the email is.
If an email is ultimately kept in quarantine and you think it should still be released, or if you have any questions, please submit a ticket. There will also be a link on the emails sent by the security system that will take you to the helpdesk ticketing site.

Trusted Senders

Trusted Senders are the Check Point equivalent of Microsoft's Safe Senders. Both work and will do the same thing. Feel free to use whichever system you prefer.

Adding a sender to Trusted Senders will exempt emails coming from that sender's email address from being labeled as Graymail or Spam/Junk. This will ensure that emails sent by that sender are never sent to your Promotions or Junk folder.

However, Trusted Senders does not prevent emails from being quarantined if the security software determines them to be malicious. Emails from Trusted Senders will behave like any other quarantine email, and you will need to go to Quarantine section of the Email Security Portal to view/release them.

Manage Trusted Senders

After signing in to the Email Security Portal, will want to click on "Trusted Senders" on the left side of the screen to access the Trusted Senders page.

To add a Trusted Sender:

To add a Trusted Sender, click "+ Add Trusted Sender"
Choose if you want to add either a sender's email address or a sender's domain, enter the email address or domain, and click OK.
1. If you only want a particular person's email address to not get caught by the Graymail or Junk/Email filters, choose the option to "Trust sender's email address".
2. If you want every person's email from the same domain (the part after the "@") to not get caught by the Graymail or Junk/Email filters, choose the option to "Trust sender's domain".
Once added you will see the entry show up on the page. Note that when you trust a sender's email address it shows the entire address, whereas when you trust a sender's domain it shows the domain with a "www" icon to the left of it.

To manage a Trusted Sender, click on the three vertical dots on the right side of the entry you want to manage. From here you can choose "Edit" to make changes to an existing entry or "Delete" to remove it entirely.