Large number of emails labeled with overall verdict of FAILED (severity -2) in Email Reports
Last Modified: 2023-05-09 12:19:03 Etc/GMT
Technical Articles ID:
KB93765
Environment
Advanced Threat Defense / Intelligent Sandbox (ATD / IS) 4.12.0
Problem
You see many emails displaying the overall verdict of:
The email report shows that at least one of the attachments is strangely named and has a
Cause
ATD / IS 4.12 has a new feature in Email Connector, which can extract the URL string from the body of an email message and scan it. We've found an issue in the text-extraction process. The process incorrectly extracts a non-URL string as a candidate for URL scanning. ATD / IS obtains this non-URL string as a URL sample, and returns The ATD / IS Email Connector gives an overall verdict as So, the incorrectly extracted string causes the overall verdict of
Solution
This issue was resolved in ATD / IS 4.12.2, which is available from the Product Downloads site. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.
Related Information
You might see a large number of legitimate URL string samples submitted from the Email Connector, and scanning of other sample types is delayed. ATD / IS is overwhelmed with the URL samples. To troubleshoot this scenario, see KB93820 - ATD/IS receives a large number of URL samples from Email Connector.