Detection

This page includes:

• Detection
  • About detection
  • Editing the default scanning configurations
  • Default channel settings - options

About detection

You can specify various scanning configurations for your organization.

Note: These detection options do not apply to outbound emails. See Onboarding Microsoft 365 - Outbound.

Editing the default scanning configurations

To view or set the default scanning configurations:

1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Bundles and Channels.

2. Under Enabled Channels, on the right of the page, click "Default Channel Settings". The Default Channel Settings pane opens.

   

   If you want to modify any of the settings, click Edit.

   

3. Modify the options as required.

   See Default channel settings - options below.

Default channel settings - options

Microsoft account options
Move spam emails that are not quarantined to	Specifies where emails with spam verdicts will be sent - if spam emails are not configured to be quarantined. The options are to the Inbox or to the Junk folder. For details about quarantine, see Quarantine. Note: This option appears only if the organization has a Microsoft 365 API integration configured. This option doesn't appear if the organization has a Microsoft 365 Inline integration configured. When a Microsoft 365 Inline integration configured, the handling of spam emails is defined by the transport rules that are created - either automatically or manually. [See Step 3 - Configuring Microsoft 365 [Inline]] This option will apply only if end-users don't have any contradicting rules in their Microsoft email accounts. Configuration of quarantine of all other channels is performed by FortiMail Workspace Security Support [support@perception-point.io].
Detection
FP tolerance [Available for MSSP admin users only]	Sets the tolerance for false positive [FP] scans - for malicious and spam verdicts. By default, these are set to: Malicious: Low Spam: Medium Very high minimizes the number of FPs - but may result in more malicious or spam instances not being detected. There is typically no need to change these settings. Contact FortiMail Workspace Security Support [support@perception-point.io] for assistance with changing either of these settings.
Channels to quarantine [Future functionality]	Specifies for which channels quarantine will be performed. SharePoint, and OneDrive and Teams will appear as options only if they are activated. For details on how to activate a channel, see Activating a channel. You can select to quarantine SharePoint, and OneDrive and Teams only if Email Service is selected to be quarantined.
Verdicts to quarantine	Specifies which verdicts will cause emails or files to be quarantined. For details about quarantine, see Quarantine.
Follow URLs in emails	Active: Specifies if FortiMail Workspace Security should follow [click] URL links that are included in emails. When URL links are followed, it is possible to exclude the following links from being followed [clicked]: High reputation domains: High reputation domains are domains that FortiMail Workspace Security has found to be reliable. There is typically little benefit in clicking links in high reputation domains. Excluding high reputation domains reduces the scanning time. Unsubscribe links: This prevents unintended un-subscriptions from being performed during scans. It is recommended that unsubscribe links are not followed. Note: It is possible to exclude additional URLs that you are confident are reliable. For details, contact FortiMail Workspace Security Support [support@perception-point.io]. You can prevent FortiMail Workspace Security from "clicking" only specified URLs. For details, see Configuring the "URL allowlist".

See also: 

• Scans