HENNGE Cloud Protection Available Setting Policies

Target

For customers who are considering to implement the HENNGE Cloud Protection.

Purpose

This section describes items that administrators should consider in advance in case threats are discovered by HENNGE Cloud Protection.

Caution

1. The content of this article is based on product specifications as of October 2022 and is revised accordingly without advanced notice.

Threats Detectable by HENNGE Cloud Protection

The HENNGE Cloud Protection can detect and monitor following threats in real time, that may be found on your Microsoft 365. And when threats are detected, HENNGE Cloud Protection will automatically take action.

1. Malware Items(※) attached to Exchange Online (Virus, Trojan Horse, Ransomeware...etc)
2. Dangerous URL Items(※) on Exchange Online
3. Leakage of Microsoft 365 to third Parties (Account Compromised)
4. Malice Email Inbox Rules
5. Files containing malware (viruses, Trojans, ransomware, etc.) uploaded to sites created with SharePoint Online
6. Files containing malware (viruses, Trojans, ransomware, etc.) uploaded to OneDrive

 

※ Emails, Attachment Files, Calendar Invites, Memos, Contacts, Groups and other Microsoft Office 365 User Mailbox Items

For each of the above threats, it is possible to individually specify how to respond when each threat is discovered.
The items that can be configured for each threat are listed below.

For threats that are found, please refer to the following article.

Response when threats outbreak is detected

Processing Threats detected with HENNGE Cloud Protection

1. Malware Items attached to Exchange Online

For attachment files that contains malware in Exchange Online Items, following two rules are possible.

1.1 Process Action against the detected Item
1.2 Notify the Owner of the Item or specific Email Address

1.1 Process Action against the detected Item

For items that have attachment files containing detected malware contents, the following actions are possible.

・Exchange Online Items or Files containing the malware item will be deleted automatically
・Exchange Online Items or Files containing the malware item will be quarantined automatically
・No action

If deletion action is selected, the Exchange Online Item will be deleted completely.
If quarantined action is selected, the Exchange Online Item or malware file will not be displayed on Microsoft 365 temporarily in order to prevent the malware being spread to the user clients.
The quarantined file can be seen and recovered from HENNGE Cloud Protection Admin Console by the admin any time after the detection.
The recovered quarantined item will be returned to its original place and user can read and operate normally.

1.2 Notify the Owner of the Item or specific Email Address

If an item containing file that is detected with malware, following notification settings are possible.

・Notify the owner of the Item that contains malware
・Notify specific Email Address
・Notify both of the above

2. Dangerous URL Items on Exchange Online

For Exchange Online Items that have dangerous URLs detected, following two rules are possible.

2.1 Process Action against the detected Item
2.2 Notify the Owner of the Item or specific Email Address

2.1 Process Action against the detected Item

For items that have attachment files containing detected dangerous URLs, the following actions are possible.

・Exchange Online Item will be automatically deleted
・Exchange Online Item will be automatically quarantined
・No Action

If deletion action is selected, the Exchange Online Item will be deleted completely.
If quarantined action is selected, the Exchange Online Item or malware file will not be displayed on Microsoft 365 temporarily in order to prevent the contents being spread to the user clients.
The quarantined file can be seen and recovered from HENNGE Cloud Protection Admin Console by the admin any time after the detection.
The recovered quarantined item will be returned to its original place and user can read and operate normally.

2.2 Notify the Owner of the Item or specific Email Address

If an item containing file that is detected with dangerous URL, following notification settings are possible.

・Notify the owner of the Item that contains malware
・Notify specific Email Address
・Notify both of the above

3. Leakage of Microsoft 365 to third Parties (Account Compromised)

For Microsoft 365 Accounts that are leaked to third parties or are compromised, the following rule is possible.

3.1 Notify the Owner of the account or a specific Email Address

3.1 Notify the Owner of the account or a specific Email Address

If an account is leaked or compromised, one of the following notification is possible.

・Notify the owner of the account that is compromised
・Notify specific Email Address
・Notify both of the above

4. Malice Email Inbox Rules

If an Email Inbox Rule is detected to have malicious intent, the following rule is possible.

4.1 Notify the Owner of the account or a specific Email Address

4.1 Notify the Owner of the account or a specific Email Address

If an Email Inbox Rule is detected to have malicious intent, one of the following notification is possible.

・Notify the owner of the account that is compromised
・Notify specific Email Address
・Notify both of the above

5. Files containing malware uploaded to a SharePoint Online site

The following two options can be defined as a response to the detection of a file containing malware being uploaded to a SharePoint site.

5.1 Action on Items Containing Threats
5.2 Notification to specific email addresses

5.1 Action on Items Containing Threats

If malware is detected in a file attached to a particular item, you can choose what to do with it from the following options.

・Automatically quarantine files containing malware
・No specific action is taken

When quarantine is selected, files containing malware are temporarily hidden from Microsoft 365 to prevent them from spreading to end-user devices.
Quarantined files can be viewed by administrators in the HENNGE Cloud Protection administration panel and can be restored (released) later.
Once the quarantined item is released, it is restored to its original location and can be viewed and manipulated by the user.
In addition, the file will be recorded in HENNGE Cloud Protection as a safe file. And it will be "detected" but not "quarantined", if the same file is uploaded in the future. (Exchange Protection will quarantine a file even it has been released once.)
It is also impossible to undo that behavior (i.e., revert to being quarantined again).

Reference Items:
Management Procedures for Quarantined Items

5.2 Notification to a specific e-mail address

Email notifications can be sent to specific email addresses when malware is detected.
(Notification is turned off by default).

6. Files containing malware uploaded to OneDrive

The following two options can be defined as a response when a file containing malware is detected to have been uploaded in OneDrive.

6.1 Action on Items Containing Threats
6.2 Notification to specific email addresses

6.1 Action on Items Containing Threats

When malware is detected in a file attached to a specific item, you can select the treatment from the following options.

・Automatically quarantine files containing malware
・No specific action is taken

When quarantine is selected, files containing malware are temporarily hidden from Microsoft 365 to prevent them from spreading to end-user devices.
Quarantined files can be viewed by administrators in the HENNGE Cloud Protection administration panel and can be restored (released) later.
Once the quarantined item is released, it is restored to its original location and can be viewed and manipulated by the user.

Furthermore, the file will be recorded in HENNGE Cloud Protection as a safe file. And it will be "detected" but not "quarantined", if the same file is uploaded in the future. (Exchange Protection will quarantine a file even it has been released once.) 

It is impossible to undo that behavior (i.e., revert to being quarantined again).

Reference Items:
Management Procedures for Quarantined Items

 

6.2 Notification to specific email addresses

When malware is detected, email notifications can be sent to specific email addresses.

(Notification is set to off by default)

 

 

          
Was this article helpful?

Frequently Asked Questions (FAQs)