Best Of
Re: Unsafe URL Detection
Hi @dvsken1976
Thanks for reaching out to the WithSecure community and raising your question about the "Unsafe URL Detections" you’re seeing in Elements Collaboration Protection and how your policy handles them. Here’s a simplified overview to help you understand and manage these settings:
1. Policy Settings Overview: Your policy includes two Exchange URL Scanning options: Malicious URL and Suspicious URL, both currently set to Move item into quarantine.
- Quarantine (Recommended): This is the safest option. Quarantined items are stored securely and cannot cause harm, and you can review and release them if needed. Choosing Delete item would remove the email permanently.
- Alternative for Suspicious URLs: For URLs that might be risky but aren’t confirmed malware, some admins use Modify the subject instead. This delivers the email to the user but adds a warning (like "Malicious URL content") to the subject line.
2. Viewing the Specific Detection Type: If a notification just says "harmful URL," you can check the portal for the exact classification:
- Go to the Detections page in the Collaboration Protection portal.
- Filter by Type of threat.
- You’ll see it categorized as either Harmful (confirmed malware) or Suspicious.
- Admin notifications also include a variable ($URL-THREAT) showing the exact reason the URL was flagged.
3. Extra Tips & Best Practices
- Trusted and Blocked Websites: Improve scanning accuracy by configuring sites:
  - Trusted websites are skipped in scanning.
  - Blocked websites are explicitly blocked (and take priority over trusted ones).
- Reporting False Positives: If a URL looks incorrectly flagged, you can report it to the WithSecure Tactical Defense team from the detection details page for review.
Hope this helps! If you run into any trouble adjusting these settings or reviewing quarantined items, feel free to ask here.
Best regards,
Sethu
Community Moderator | Technical Support Engineer, WithSecure
Re: How to work rational with the ESC?
Thanks for starting this discussion and for clearly outlining where the current Elements Security Center workflow is creating extra steps for you. Feedback like this is important, and I appreciate you taking the time to share specific examples.
I’ll escalate this internally to our Product and UX teams so they can review the navigation behavior you highlighted.
For any feature requests or improvement suggestions, please note that all product enhancements are reviewed exclusively through our ideation process. You can submit them directly here:
We rely on community votes to understand which improvements matter most and to help the product team prioritize what to develop first. You’re also welcome to add your own votes to any existing ideas that already cover the improvements you’re looking for — every vote helps shape the roadmap.
Thanks again for the constructive feedback!
How to Allow System Extension, Driver Extension & Network Extension using MDM profile?
Hello
Is there any workaround to auto-approve the System Extension, Driver Extension & Network Extension without user interaction on macOS?
I'm currently using JumpCloud as my Device Management Solution.
I have created the policy for the extensions; however, it appears that they still need to be allowed manually. Also, what do I need to fill in for the details of the Network Extension?
Critical workstation firewall profile and allow url/domain
Hi,
We have a customer who has critical, sensitive user data in use, and they need firewall rules that block all outbound and inbound traffic except what is allowed.
We can achieve this using the "critical workstation" firewall profile and then allowing the needed IP addresses.
However, one program (Autodesk AutoCAD) needs a constant connection to a licensing service, and they do not provide IP addresses for the service, only domains to allow.
Is there a way to allow a domain/URL instead of an IP?
I noticed that there is a "network isolation" section in the profile settings, and there is an "allowed domains" text box. But then it states that those rules only apply when using the network isolation WithSecure profile. I cannot find such a profile. I tried adding domains to that text box, but it is not working.
So, is it possible to allow specific domains instead of IPs?

