What's New

Submitting passwords for password-protected attachments: It is possible to exclude specific recipients in your organization from the requirement to submit passwords to enable "Acronis Email Security" to scan password-protected attachments. For example, you could require all email recipients in your organization to submit passwords for encrypted attachments, but exclude this requirement for emails that are sent from a specified domain or email address. These specified users will then receive their emails without attached password-protected files being scanned. Previously, such exclusions could be implemented by "Acronis Email Security" Support only. Now, most of these exclusions can be configured by "Acronis Email Security" admin users. This is done by using allowlists. You can add and configure allowlists in the Detection Setup > Allowlists & Blocklists page. For more information about using allowlists to exclude specific recipients in your organization from the requirement to submit passwords, see Scanning password-protected attachments.

Bypassing the "restricted file type" functionality: It is possible to bypass the "restricted file type" functionality in various ways. For example, you could apply the "restricted file type" functionality to all email recipients in your organization, but exclude the functionality from emails that are sent from a specified domain or email address. Previously, such limitations could be implemented by "Acronis Email Security" Support only. Now, most of these limitations can be configured by "Acronis Email Security" admin users. This is done by using allowlists. You can add and configure allowlists in the Detection Setup > Allowlists & Blocklists page. For more information about using allowlists to limit the application of the "restricted file type" functionality, see Bypassing the "restricted file type" functionality.

Limiting the application of banners: It is possible to limit the application of banners in various ways. For example, you could apply the "External-first-time" banner to all email recipients in your organization, but exclude the banner from emails that are sent from a specified domain or email address. Previously, these limitations could be implemented by "Acronis Email Security" Support only. Now, most of these limitations can be configured by "Acronis Email Security" admin users. This is done by using allowlists - and is based on the banner type. You can add and configure allowlists in the Detection Setup > Allowlists & Blocklists page. For more information about using allowlists to limit the application of banners, see Limiting banner application.

Configuring TLS encryption: When implementing an "Other" integration, it is sometimes necessary to specify that the domains servers that receive emails from "Acronis Email Security" don't support TLS encryption. Previously, this could be done by "Acronis Email Security" Support only. Now it is possible to configure TLS encryption settings in "Acronis Email Security". This is done from the Settings > Protected Email Assets page. For details, see TLS considerations.

Configuring feedback emails: By default, the "Acronis Email Security" IR Team won't send feedback to end-users that report email messages using the Report Message button [Microsoft 365 Inline and API] or the Report Email button [Google Workspace]. Now you can configure "Acronis Email Security" so that the "Acronis Email Security" IR Team will send feedback to end-users that report email messages - it is no longer necessary to ask "Acronis Email Security" Support to perform this configuration. For details, see Alerts.

Partial protection removed: With Microsoft 365 Inline and Google Workspace integrations, partial protection should now be configured for POC organizations only - not for Commercial organizations. If partial protection is configured for an organization with a Commercial contract type, then billing will be based on the number of licenses that are included in the Microsoft 365 account or the Google Workspace account - not on the number of "partial protection" users.

Partial protection is still available for Microsoft 365 API integrations - even for organizations with a Commercial contract type. Billing will be based on the number of "partial protection" users.

Deleting verified domains: It is now possible for admin users to delete verified domains - it is no longer necessary to request "Acronis Email Security" Support to remove verified domains. For details, see Deleting domains.

The new ability of admin users to delete verified domains is in addition to their existing ability to delete pending domains.

Extended availability of the Licenses page: The Settings > Licenses page is now available to admin-users in all organization-types - except for MSSP Customer organization types. For details, see Licensing.

People Posture page: The new People Posture page lets you see an overview of the email-based risk of each end-user that is protected by "Acronis Email Security". Based on the history of emails that they have received, "Acronis Email Security" awards each end-user a "risk score" - high, medium, or low. The risk score is determined based on the number and ration of malicious emails that were received by the end-user. To access the People Posture page, click Security Operations > People Posture. For details, see People Posture.

Awareness emails: You can now generate a threat awareness email that is based on a malicious email that was received by your organization. The awareness emails are AI generated - directly from the selected email. They can be used to enhance user phishing-detection skills and general threat awareness by providing contextual learning. This helps to build the skills of your end users so that they can more easily recognize - and then avoid - similar threats in the future. For details, see Awareness Emails.

Remote Logging: Sending Syslog to a remote host: The new remote logging functionality lets you send selected logs from "Acronis Email Security" to a central SIEM or Syslog server, benefiting from their centralized logging, monitoring, and alerting features. "Acronis Email Security" currently supports Email Scan event types only. For details about remote logging, see Remote Logging: Sending Syslog to a remote host.

Regenerating the API key: In the Account > Profile page, you can now regenerate the API key. As soon as the new API key is generated, the old API key will no longer be valid. It is advisable to regenerate the API key if you have a suspicion that the existing API key may have been compromised. For additional details about the API key, see Profile.

Changes in the navigation panel: We've made the following changes to the left navigation panel to improve the user experience while using "Acronis Email Security":

Moving the "Add Service" button inside "Acronis Email Security": We've moved the "Add Service" button from the "Acronis Email Security" banner. You can now access the same functionality in the "Bundles and Channels" page:

1. Select Settings > Bundles and Channels.

2. Under Enabled Channels, locate Email Service, and then click Email service configuration [] on the right.

New Account Takeover page: The new Account Takeover page has been released. This page replaces the Cases page - that is no longer available in "Acronis Email Security". In the replaced Cases page, each case had just a single alert. In the new Account Takeover page, each case can include one-or-more alerts. By including multiple alerts in a case, the full history of the attack on the user-account is available, enhancing the comprehensiveness of the case. This makes it easier to review, analyze, and resolve the case. In addition, various other enhancements and user-experience improvements have been incorporated into the new Account Takeover page, including the ability to generate an "easy-to-read" AI-summary of the case.

Note that all existing cases in the old Cases page have been transferred to the new Account Takeover page.

For additional details about the new Account Takeover page, see Account Takeover [ATO].

Larger files supported when bulk uploading allowlist and blocklist entries: When performing a bulk upload of allowlist entries or blocklist entries, you can now include up to 300 entries in the upload file. Previously, the maximum number of entries was 100.

"Add services" icon moves from the banner - and is re-named: We moved the "Add services" icon [] from the on the right side of the "Acronis Email Security" banner to the Settings > Bundles and Channels page. The "Add services" icon [] is now located under Enabled Channels, on the right of Email Service. It is now referred to as the Email service configuration icon.

End-users moving spam emails to their Inboxes: Digest reports can now include a "Not Spam - move to Inbox" option for each entry in the report that has a Spam verdict. This enables end-users to move their Spam emails from the Junk or Spam folders to their Inboxes - and the verdict of the scan is changed from Spam to Clean. This new functionality is in addition to the existing functionality that enables end-users to release their Spam emails from quarantine. For details about Digest reports, see Configuring Digest reports.

"Released from Microsoft Quarantine" filter: We've added a "Released from Microsoft Quarantine" filter to the Scans page. This lets you display only those emails that have been released from quarantine, after they were quarantined by Microsoft. For details, see Releasing "Quarantined by Microsoft" emails.

Releasing "Quarantined by Microsoft" emails: Some organizations have enabled the "Show emails quarantined by Microsoft" functionality. If you have this functionality enabled, emails that were quarantined by Microsoft will appear in the Scans page. You can now release any of these "quarantined by Microsoft" emails - directly from "Acronis Email Security". For details, see Releasing "Quarantined by Microsoft" emails.

Defining for which severity of malicious cases alerts will be sent: You can now define for which severity of malicious cases alerts will be sent. The severity options are "Low and above", "Medium and above", and "High only". This enables you to limit the number of alerts that are sent for suspected malicious cases. For details, see Alert via email on malicious cases.

Bulk uploading of allowlist and blocklist entries: You can now use "Acronis Email Security" to add entries to allowlists and blocklists in bulk. Entries are added from an uploaded .csv file. It is no longer necessary to request "Acronis Email Security" Support to perform bulk uploads. For details, see Bulk import of allowlist entries and Bulk import of blocklist entries.

You can bulk upload entries to the following allowlists and blocklists:

• Sender email addresses and domains

• Sender IP addresses

Editing disclaimers: You can now use "Acronis Email Security" to edit disclaimers. This includes changes such as the language, text strings, size, or font of a disclaimer. It is no longer necessary to request "Acronis Email Security" Support to edit your disclaimers. For details, see Editing [customizing] banners.

Modifying protected assets for Microsoft 365 API integrations: You can now modify the set of protected assets for Microsoft 365 API integrations. This new functionality includes adding new domains, groups, and users to protect, and removing existing domains, groups, and users from protection. For details, see Protected email assets - Microsoft 365 API integrations

Selecting domains from a list of domains in the Microsoft 365 account: When you configure a Microsoft 365 Inline integration, you can specify one or more domains that will be protected. You can now select the required domains from a list of domains that are included in the organization's Microsoft 365 account. This reduces the chance of configuring an incorrect domain. For details, see Step 1 - Onboarding Microsoft 365.

Updated terminology for allowlists: When defining allowlists, the terminology has been changed:

• The field that was previously labeled "Verdict" is now labeled "Email allow options".

• The options for this field have changed from "No review - always allow" and "Review if Malicious (allow if spam)" to "Allow all emails" and "Never mark as Spam".

For details about allowlists, see Allowlists.

• The field that was previously labeled "Verdict" is now labeled "Set verdict as".

For details about blocklists, see Blocklists.

Showing the country flag for IPs: When you show the details of a scan in the new "compact" Scans page, the country flag now appears to the left of the Source IP address.

Redesigned organization selector: We've enhanced the functionality and usability of the Organization selector at the top of the console - to simplify navigation between parent and child organizations. To display a list of all the available child organizations, click inside the Search organizations box on the right. Enter at least 3 characters to search for organizations.

Note that the Search organizations box appears only if you are an admin user in a parent organization.

New "Scan Details" page for emails: Our new and improved Scan Details page is now available for email scans. This new page is designed to enhance your experience with a modern, clean interface, and with intuitive features.

Key benefits

• Concise and modern design: Enjoy a sleek, updated look that puts the email at the center, clearly displaying all essential details and content.

• Enhanced user experience: Access important information with fewer clicks, making navigation more intuitive and efficient.

• Automatic GenAI summary: Instantly understand email threats with AI-generated summaries, providing quick and accurate insights.

Initially, the new Scans Details page is available for scans of emails only - but we plan to soon expand support to include scans from other integrated channels as well. You can access the new Scan Details page by using the "Compact" toggle that is located at the top of the page when you show the details of any email scan.

The "Channels and Bundles" page replaces the Channels page: The new "Channels and Bundles" page replaces the Channels page. In the "Channels and Bundles" page, you can select bundles that will be applied in your organization. Each bundle include a list of channels that can be activated. For details on the new page, see Bundles and Channels.

Enabling the "Quarantined-by-Microsoft" functionality: You can now use "Acronis Email Security" to enable the "Quarantined-by-Microsoft" functionality. The "Quarantined-by-Microsoft" functionality lets you see emails that were quarantined by Microsoft - in the Scans page. You can enable this functionality in the Settings > Bundles and Channels page. For more information, see Enabling the "Quarantined by Microsoft" functionality.

Improvements to the email preview: We’ve made some improvements to the email preview that is available from the Scans page. When you preview an email, you can now select-and-copy any of the following text fields:

• Subject

• Sender

• Recipient

• Attachments

• Cc and Bcc

In addition, we’ve made various other UI enhancements to the email preview.

Downloading the Audit log: You can now download the audit log - in .csv format. The download will include all events currently displayed in the log - based on the Date Range and Search settings. For details, see Downloading the audit log

Showing "Quarantined-by-Microsoft" emails in the Scans page: The Scans page can now include emails that were quarantined by Microsoft Defender. This helps you to monitor quarantined emails in just one platform. In the Scans page, you can easily identify emails that were quarantined by Microsoft Defender. These emails have the "Quarantined by Microsoft" icon [] on the left of the Scans page.

The "Quarantined by Microsoft" functionality is currently available to a limited number of customers. It will be made available to additional customers in the near future. Contact your Customer Success Manager for more details.

For details, see Quarantined by Microsoft.

Generating Periodic reports on-demand - with specific start dates: When you generate an on-demand Periodic report, you can now specify the start-date for the report.

The generated reports can be automatically sent by email to specified recipients, soon after as the reports are generated. This may take a few minutes. The generated reports are maintained in "Acronis Email Security", and listed in the Periodic Reports page. You can download any of the generated reports - in PDF or JSON format. For details, see Generating Periodic reports on-demand

Generating Periodic reports on-demand: You can now generate Periodic reports on demand. When you generate an on-demand Periodic report, "Acronis Email Security" will generate the report for the most recent completed period. The generated reports can be automatically sent by email to specified recipients, as soon as the reports are generated. The generated reports are maintained in "Acronis Email Security", and listed in the Periodic Reports page. You can download any of the generated reports - in PDF or JSON format. For details, see Generating Periodic reports on-demand

Custom logos in Periodic reports: You can now configure "Acronis Email Security" to replace the "Email Security" logo with your organization's logo at the top of each page in all Periodic reports. To set this configuration, go to Account > Account > Customization, and click Edit []. For details on configuring customized logos, see Customization - Organization Logo.

AI-based summary of scan verdict factors: When you analyze a malicious scan in the Scans page, you can now generate an AI-based summary of the significant factors that contributed to the scan verdict. Simply locate "GPThreat Hunter Summary" in the Scans page, and then click Generate Summary. GPThreat Hunter will almost instantaneously generate an easy-to-read summary of the scan verdict.

Note that this functionality is available only for email scans that have a malicious verdict.

Custom logo for dark theme: Lets you upload a custom logo that will be displayed on the left side of the "Acronis Email Security" banner when the dark theme is used. For details, see Customizing "Acronis Email Security".

Specifying an organization time zone: By default, the times that appear in email alerts and reports are UTC times. You can now specify a time zone for your organization, and then all alerts, digest reports, and periodic reports will show the specified time zone. You can find the Organization time zone setting under Settings > Account > Customization. For details, see Time Zone.

Letting end-users release spam emails from quarantine: You can now configure Digest reports to include a "Release from quarantine" option for each entry in the report that has a Spam verdict. This enables end-users to release their own Spam emails from quarantine. The verdict of the scan is automatically changed from Spam to Clean. To enable end-users to release spam emails from quarantine, go to Account > Preferences > Alerts and Reports, and click Edit. Scroll down to "End user alerts and reports" - and enable "Allow end users to change Spam verdicts to Clean and release from quarantine". For details, see Configuring Digest reports.

New quarterly reports: You can now generate Quarterly reports - in addition to the existing Weekly and Monthly reports. For details, see Reports.

Maintaining the "hash block list": You can now maintain the "hash block list". When a file should be scanned, if the SHA-256 hash of the file is included in the "hash block list," then the file won't be scanned, and the scan verdict will be set to malicious. For details, see Configuring the "hash blocklist"

New advanced filter: "Only Simulation": We've added a new scans advanced filter on the Scans page: "Only Simulation". Use this new filter to display all those scans that have been assigned a simulation tag. This filter is located in the Scans page, in the Detection section of the Advanced filters. For details, see Listing all simulation scans.

Modifying the destination for emails with spam verdicts: You can now modify the location to which emails with spam verdicts will be sent - if spam emails are not configured to be quarantined. The options are to the Inbox or to the Junk folder. Previously, you could specify the location to where spam emails would be sent only when you onboarded the integration. This option appears only if the organization has a Microsoft 365 API integration configured. For details, see Configuring spam remediation.

Domains and Drives reports have been deprecated: The Domains reports and Drives reports have been deprecated - and are therefore no longer available. Information from these reports is now included in the newly-formatted Weekly and Monthly reports.

To review and configure which reports are generated for your organization, go to Account > Preferences > Alerts and Reports.

For details about reports, see Reports

New format for periodic reports: We’ve updated our weekly and monthly periodic reports. We’ve improved the content that is included in the reports, and we’ve enhanced the format of the reports. The reports are now generated in pdf format. The pdf files will be attached to the email messages that are sent to the specified admin users. For details, see Weekly reports and Monthly reports.

New dark theme option: Admin users can now select the dark theme [mode] to display "Acronis Email Security". To switch to the dark theme, click the down-arrow that is on the right of your name on the right of the "Acronis Email Security" banner, click Theme, and then and then click the Dark theme option. For details, see Selecting the display theme.

Interface language selector moved: We've moved the location where you can select the language to display in the "Acronis Email Security" interface. To change the display language, click the down-arrow that is on the right of your name on the right of the "Acronis Email Security" banner, click Language, and then click the required language. For details, see Selecting the display theme.

Simulation emails always remain Clean: Emails that are identified to be phishing simulation emails are assigned a Clean verdict by "Acronis Email Security". They are also assigned the "Simulation tag". This tag enables the "Acronis Email Security" IR Team to identify the email as a simulation email. Now it is no longer possible to change the scan verdict of these simulation emails - from Clean to any other verdict - when using the Request Investigation or Change Verdict features. For details, see Email phishing simulation campaigns.

The new Protected Email Assets page lets you view and manage the email-related assets in your organization that are protected by Perception Point X-Ray.

• For inline connections [Google Workspace, Microsoft 365 Inline, Microsoft Exchange, and "Other email services"], the Protected Email Assets page shows information about the domains that are protected, similar to the former Domains page.

• For Microsoft 365 API connections, the Protected Email Assets page shows information about the email-related assets that are protected. The protected assets can include domains, groups, and users. The Protected Email Assets page also lets you switch between protecting the organization's entire Microsoft 365 account, and partial protection.

The new Protected Email Assets page replaces the Domains page.

Additional functionality will be added to the Protected Email Assets page in the coming months.

To open the Protected Email Assets page: In "Acronis Email Security", in the left navigation menu, select Account > Protected Email Assets.

For more information about the new Protected Email Assets page, see Protected Email Assets.

Custom organization logo in the "Acronis Email Security" banner: By default, there is a "Perception Point X-Ray" logo on the left side of the X-Ray banner. You can now replace the default logos with your organization's logo, typically for white-labeling or branding purposes. You can find the customization controls under Account > Preferences > Customization. For details, see Customization - All settings .

New Digest report replaces the Quarantine report: The Quarantine report has been replaced by the new Digest report. You can configure the Digest report to include all incidents that occurred during the reporting period - even those incidents that were not quarantined, or only those that were quarantined (as before). This configuration is set under Account > Preferences > Alerts and Reports. The Digest report clearly displays the scan verdict, as well as the current location of the associated email or file [where relevant]. For details, see Digest reports. Various settings for the new Digest report can be customized under Account > Preferences > Customization. For details, see Customization - All settings .

Including non-quarantined emails in quarantine reports: By default, emails will be included in daily quarantine reports only if the email was actually quarantined. Now you can clear the "Include quarantined items only" check box in the Account > Preferences > Alerts page if you want to include emails that were not actually quarantined. For details, see Bundles and Channels.

Separate lists for target malicious incident alerts and malicious case alerts: You can configure "Acronis Email Security" to send an email alert to admin users each time:

• a malicious incident occurs - that is, the scan of an email or of a file is assigned a malicious verdict

  - or -

• a case is added to the Cases page in "Acronis Email Security"

Until now, all these alert emails were sent to the same set of admin users that you specified. Now you can specify one set of target admin users for malicious incident alerts and another set of target admin users for malicious case alerts.

Exclude block-listed items from various alerts and reports: When you configure a block list, you can now configure the block list so that any email that is blocked by the block list will be excluded from various alerts and reports. You can specify that these blocked emails be excluded from:

• Admin alerts

• End user alerts

• Digest reports

For further details, see Blocklists.

Detection settings moved to the Channels page: We've moved the Detection settings (Quarantine and Follow URLs) from the Preferences page to the Channels page - where you can now find the Detection settings under Default Channel Settings. This helps you to manage your channel settings on a single page. For further details, see Bundles and Channels.

Default quarantine setting for new Microsoft 365 channels: When you activate a new Microsoft channel integration [Teams, OneDrive, or SharePoint], by default, quarantine will be enabled. To disable quarantine, contact "Acronis Email Security" Support [support@perception-point.io]. Existing Microsoft channel integrations are not affected.

Limiting scans that can be accessed - based on scan verdict: Some admin user roles permit admin users to access scans in the Scans page. By default, when an admin user is permitted to access scans, the admin user is able to access scans that have any verdict. The new "View verdict permissions" feature lets can specify that the admin user will be permitted to access scans that have specified verdicts only. For example, you could permit a certain admin user to access scans that have malicious verdicts only. For details, see Admin users.

Download scan list from the Scans page: When you display scans in the Scans page, you can now download the selected scans to your computer - in CSV format. This is in addition to the existing functionality that enables you to export the selected scans - where the exported data is contained in an email that is sent to your email address. For details, see Scans.

Configuring channels: We’ve enhanced the way that channels are configured in "Acronis Email Security". The configuration functionality has been moved from the Preferences page to the Channels page. Enabled channels appear at the top of the Channels page, and additional channels [that can be enabled] appear at the bottom of the Channels page. This enables you to now perform all the required channel configurations in the Channels page. For details, see Bundles and Channels.

Customizing quarantine placeholder files: We’ve added the ability to customize the quarantine placeholder files in the Microsoft file storage channels (OneDrive and SharePoint). Now you can specify the text that appears in the placeholder files, and add relevant links in the files. This enables you to provide customized guidance for the end users regarding the quarantined files. For details, see OneDrive integration and SharePoint integration.

Customizing alert emails: We’ve added the ability to customize the alert emails that are sent to end users when the scan of an email or a file is assigned a malicious verdict. You can now specify the sender display name, "Reply to" email address, and "Contact us" email address in the alert emails. In addition you can include your organization’s logo in place of the Fortinet logo. For details, see Customizations.

Sending spam to the Inbox: When you perform an API integration with Microsoft 365, you can now select the location to where spam emails will be moved - to the Inbox or to Junk. This new configuration applies only if spam emails are not configured to be quarantined. This setting is typically relevant only to PoC installations - not to production installations. In production installations, spam emails should be sent to the Junk folder, or quarantined. For details, see Onboarding Microsoft 365 [API].

Email integrations renamed: In the "Acronis Email Security" user interface, the Gmail integration is now referred to as the Google Workspace integration, and the Office 365 integration is now referred to as the Microsoft 365 integration.

Whitelists now called "allow lists": In "Acronis Email Security", whitelists are now referred to as allow lists, and blacklists are referred to as block lists. There is no change in the functionality of any of these lists.

Applying URL whitelists and URL blacklists to selected channels only: When you create a URL whitelist or a URL blacklist, you can now specify to which channels the whitelist or blacklist applies. By default, new URL whitelists and URL blacklists apply to all channels. For details, see Configuring the "URL allowlist" and Configuring the "URL blocklist".

Specifying escalation contacts: You can now associate escalation contact email addresses with your organization. These are the email addresses to which emails will be sent by Perception Point in case of an emergency, such as account takeovers and Business Email Compromise issues. The escalation contacts enable prompt resolution of urgent incidents. Providing an active 24/7 escalation contact address enables quick response to critical situations - minimizing disruptions, and ensuring the security and reliability of your account and emails. Specifying escalation contacts is now mandatory for all new organizations - and when you edit an existing organization. It is recommended that you specify a group email address for your escalation contacts. For details, see Organizations.

Displaying the environment in which the organization is located: You can now see in which environment your organization is located: US, EU, or AU.

Incident Response Summary page: The new Incident Response Summary page gives you greater visibility into the work that our incident response team is constantly doing: protecting your organization; saving you time and money. For details on the Incident Response Summary page, see Incident Response Summary.

Disclaimers added for the Microsoft API connection method: You can now add disclaimers to email integrations that use the Microsoft API connection method. In addition, disclaimers are now also available for BCC and journaling installations. For more information about disclaimers, see Banners.

Spoofing detection through business partner identification: One form of business email compromise (BEC) is where a scammer uses email to trick someone into sending money or performing another form of financial transaction. For example, the culprit poses as a trusted figure, and then asks for a fake bill to be paid.

We've added the ability to detect additional spoofing attempts through the identification of business partners. Based on previous email correspondence, we develop a database of business partners for each organization. This database is constantly updated. When we detect an email that appears to be financially oriented, we check to see if the email originates from one of the identified business partners. If not, we send the email for investigation. Our detection algorithms work for emails in English and multiple other languages.

Extracting QR codes from email attachments: We have extended our ability to detect malicious content in QR codes. Now, in addition to extracting QR codes directly from emails, we've added the ability to extract QR codes from files that are attached to emails. Currently, we can extract QR codes from Microsoft Word, Powerpoint, and Excel files. After we extract a QR code, we dynamically scan the code to determine if it includes any malicious URLs or other malicious content.

"Acronis Email Security" user interface now available in Japanese: You can now display the "Acronis Email Security" user interface in Japanese. This is in addition to the languages that were previously available: English, Spanish, German, French, Italian, Portuguese, and Korean. To change the UI language, click the Language icon on the right of the "Acronis Email Security" banner, and then select the required language. For details, see Profile.

New Microsoft API connection method for Office 365: Our new Microsoft API connection method for Office 365 installations has been released. This new functionality provides you with an additional way to connect your Office 365-based email services to Perception Point’s Advanced Email Security – using the Microsoft Graph API. For details, see Onboarding Microsoft 365 [API].

Viewing and managing restricted file types: "Acronis Email Security" now lets you manage your own set of restricted file types, for example, executable files. Files of a restricted type can be blocked by Perception Point - regardless of whether the files are clean or malicious. For details, see Restricted file types.

Improved detection in MSI files: We improved our MSI file scanning by adding the ability to unpack the MSI files in order to be able to extract and detect malicious payloads inside these files - in addition to the scans that we previously performed. This enhanced MSI detection functionality is automatically made available to all users of Perception Point.

Linking AES [Advanced Email Security] and ABS [Advanced Browser Security] scans: Scans performed by Perception Point’s AES [Advanced Email Security] and ABS [Advanced Browser Security] can now be linked inside X-Ray. This means that if a URL was included somewhere inside an email, and the same URL was also accessed independently using an ABS-protected browser, the two resulting independent scans are now linked. This improves your ability to analyze the information from both scans. You can access the linked scans under Extracted Path in the details view of the Scans page.

Conversation hijacking detection: Conversation hijacking attacks occurs when bad actors insert themselves into ongoing email conversations - creating misconceptions that make the legitimate participants of the conversation believe that the hijackers are also legitimate participants. Perception Point’s scanning engines now include the ability to detect conversation hijacking attempts. When a conversation hijack attempt is detected by Perception Point, the associated email is assigned a malicious scan verdict. The new conversation hijacking detection functionality is automatically made available to all users of Perception Point’s email security.

Configuring the Top-X attack component in Insights: In the Insights page inside "Acronis Email Security", you can now configure the Top-X component that defines which attack vectors are shown. You can specify the attack options that will appear in the Top-X component, and the order in which these selected options will appear.

Sender Profiler: Perception Point's new Sender Profiler gives you real-time insight into the traffic and reputation associated with the sender of each scanned email. The sender of an email is broken down into multiple components, and each component is analyzed separately, and where beneficial, together with other associated components.

• Traffic insights: The Traffic insights chart lets you can see details of the traffic associated with an email sender, broken down by component, and displayed per verdict.

• Reputation analysis: The Reputation analysis spider-graph displays a real-time graphical representation of the data from Perception Point's reputation algorithms. Hover your cursor over the graph to show additional information.

The Sender Profiler is available for all email scans that have a spam or malicious verdict.

ATO detection improvements: "Acronis Email Security"'s ATO detection for Microsoft 365 has been improved. We are continuously improving our ATO [account takeover] detection capabilities. The ATO detection functionality now analyzes additional inbox rules - such as "move to folder" and "delete messages" - to detect suspicious activity. For implementation details, see Configuring Microsoft 365 - ATO detection.

Code injection added to evidence: The control flow diagrams that are included as evidence in HAP scans now include code injection elements. This helps you to better understand how the attacker is trying to perform malicious activities.

Advanced Browser Security: Web security is now part of the Fortinet portfolio - with our new Advanced Browser Security offering, adding enterprise-grade security to native Chrome and Edge browsers.

Advanced Browser Security delivers the unprecedented ability to isolate, detect, and remediate all malicious threats from the web, including phishing, ransomware, malware, APTs, and more, while also securing access to sensitive corporate apps, preventing data loss (DLP) by design on both managed and unmanaged endpoints.

Easily deploy via an isolated, secured Chrome or Edge browser or a browser extension, with no added cloud infrastructure or data center expenses.

For more information about Advanced Browser Security, see our Advanced Browser Security plans or contact your Customer Success Manager at Fortinet.

"Acronis Email Security" user interface available in additional languages: You can now select the language that is shown in the "Acronis Email Security" user interface. The languages that are currently available are English, Spanish, German, French, Italian, and Portuguese.

We'll be adding more languages in the future - watch out for the announcements.

To change the UI language, click the Language icon on the right of the "Acronis Email Security" banner, and then select the required language.

Customizing the Top-X control: You can now configure the Top-X controls that define which scans are listed in the Scans page. You can specify the options that will appear in the Top-X controls, and the order in which these selected options will appear.

To configure the Top-X controls, click the Settings icon on the right of the Top-X controls. For details, see Scans.

EML & MSG files parsed during scans: MSG and EML files are now parsed when they are scanned. This enables email-related fields to be extracted and analyzed - thereby improving the scanning accuracy. This functionality is particularly useful for self-scans and for scans performed on integrated channels.

Downloading generated reports: You can now download all generated reports - in pdf format. To download a generated report, click the Download Reports icon on the right of the "Acronis Email Security" banner. The Download Reports icon appears only if at least one report has been generated. For details, see Reports.

Account Takeover [ATO] protection: If you have integrated "Acronis Email Security" with Microsoft 365, you can now enhance your email protection by enabling the new "Acronis Email Security"-Microsoft 365 ATO [account takeover] functionality. This functionality monitors user activity in your Microsoft 365 accounts to detect possible ATO attempts. Suspicious user activity includes behavior such as creating suspicious inbox rules and performing suspicious logins. For implementation assistance, contact your Customer Success Manager at Perception Point.

For details, see Configuring Microsoft 365 - ATO detection.

Chat feature: We've added a new Chat feature to "Acronis Email Security". You can use this chat feature to contact Perception Point Support [for general "Acronis Email Security" issues] or the Perception Point Incident Response team [for issues relating to a specific email].

To open a chat, click the Chat icon in the bottom-right corner of "Acronis Email Security".

Training videos: You can now view educational videos from inside "Acronis Email Security". These videos will help you to better understand "Acronis Email Security", and to be able to work more efficiently in "Acronis Email Security". The set of available videos is context-sensitive - different videos are available, depending on where you are inside "Acronis Email Security". We'll constantly be adding more videos. To see the available videos, click the Educational videos icon on the right of "Acronis Email Security".

"Acronis Email Security" Audit Log: The new "Acronis Email Security" audit log lets you see what actions were performed by your admin users - and the Perception Point IR Team - in your organization. Transparency is important to Perception Point. The audit log enhances transparency by enabling you to see every action that was performed on your data.

The audit log includes actions such as changing a verdict, previewing an email, and viewing a screenshot.

To open the audit log, hover over your name on the right of the "Acronis Email Security" banner, and then click Audit.

For details, see Audit log.

Enforcing MFA [multi-factor authentication]: You can now enforce MFA [multi-factor authentication] for your organization. All users will then have to use an authenticator app when they log-in to "Acronis Email Security". You can access the new "Force Multi-factor Authentication" functionality in the Security section of the Profile page. For details, see Profile.