URL Sandboxing tab

Use the URL Sandboxing tab in a policy to inspect uncategorized URLs in email by tagging them for additional real-time advanced security analysis. Doing so helps protect end users from accessing malicious websites.

Note: If a website is uncategorized, URL sandboxing changes (“wraps”) the URL in the email delivered to users. To add an exception for specific URLs to prevent them from being sandboxed, add a sandboxing exception. See URL sandboxing exceptions.

With URL sandboxing, if users click on a link within an email and that link or elements associated with that link are suspicious, they receive a warning that “The link may not be safe.” The notification includes:

  • The domain they are trying to access.
  • The reasons the link is considered suspicious: for example, the sender email address may be unknown to our service or the sending mail server may have a suspicious reputation.
  • The option to analyze the page further.

If they answer No to Analyze the page?, the suspicious link is not analyzed. They can then close the notification window. For their protection, they cannot access the page.

If they answer Yes, the page is analyzed using Forcepoint Email Security Cloud real-time advanced security analysis. They then receive one of the following messages.

The notification messages can be customized. See Configure block and notification.

| Notification | Description |
|---|---|
| The link appears to be safe | No malicious threats found. The notification lists the URL and category or categories of the page. Users can proceed to view the page if they choose to do so. |
| Access denied | Malicious threats detected in the page. The notification lists any matched categories along with the sites suspected of being infected with a malicious link. Users cannot access the page. |
| Access denied | Users may also receive an Access denied notification if their organization does not permit them to browse uncategorized web pages. |
| Unable to access page | The web server may be down or the link may be incorrect. They may want to try again later, or contact their administrator for more information. |
| Unable to analyze URL | The page could not be analyzed because its protocol is not supported. Supported protocols are HTTP, HTTPS and FTP. If you have selected the Allow the recipient to follow links with an unsupported protocol option, the user can proceed to view the page if they wish; otherwise, the user cannot access the page. |

Important:

Websites that rely on cookies are not supported. When analyzed, URLs that resolve to sites that rely on cookies may return an error or an incorrectly rendered page. See the article Embedded URL sent for analysis fails with an error or incorrectly rendered page in the Knowledge Base.

Administrators can retrieve the original URL in the cloud portal using the URL Sandboxing Utility located in Email > Toolbox.

Any administrator or end user can check any URL for malicious content by going to the online Advanced Classification Engine (ACE) CSI Insight page (https://csi.forcepoint.com) and entering the URL.

If a user must access a link that gets an error (or is otherwise blocked by the URL sandbox), the user should work with Technical Support to resolve the issue.

Forcepoint Email Security on-premises administrators need to contact Technical Support with the sandboxed URL and request the original URL.