Cloud Protection Policy Settings (Exchange) – HENNGE One Help Center

Target

Administrators who perform initial setup and operational management of HENNGE Cloud Protection

Purpose

This article explains the settings available in the [Exchange] tab, which can be configured in the policy of HENNGE Cloud Protection.

Notes

The content of this article is based on the product specifications as of April 2025 and may change without notice thereafter.
Administrator privileges for HENNGE Cloud Protection are required to verify the actual screen and change settings.
Please refer to the following article for how to access the Administration.
How to access the HENNGE Cloud Protection Administration
Policies can only be specified on a tenant basis.

Procedure

This section explains the values that can be set in the [Exchange] tab by selecting Policy from the left menu in the HENNGE Cloud Protection Administration.
Please refer to the following article for how to create a policy.
Creating a new policy

General

Item Name	Description
Real-time Scan	Set whether to use real-time scanning for email messages and other Exchange items within the organization's mailboxes.
Trusted Senders	If this feature is set, emails from trusted sender addresses will not be quarantined or deleted. By default, this feature is off. Scan and warn when harmful content is detected ("Low" severity) Selecting this option will display a warning in the system when harmful content is detected with "Low" severity. No action is taken on the email item, and it is delivered to the recipient as is.
	Trusted Email Sender Addresses Use this when you want to add email addresses of senders whose emails will not be quarantined or deleted if [Trusted Senders] is on.
	Trusted Sender Domains Use this when you want to add trusted sender domains if [Trusted Senders] is on. Emails sent from these domains will not be quarantined or deleted.
Quarantine	You can select the period until quarantined items are automatically deleted. The following periods can be changed. ・1 month ・3 months ・6 months ・1 year

Malware Scan

Item Name	Description
Malware Scan	Set whether to use the malware scan feature.
Scan Files	Set the types of files to be scanned. The possible settings are as follows: ・All ・Include only ・All except excluded items If [Include only] is selected, some files are pre-specified in [Target Files], but you can also specify any files you like.
	Scan Archive (Compressed) Files Set whether to scan all files within compressed archive files. ※ Even if the target files are password-protected, scanning will be executed as far as possible, and suspicious behavior may result in quarantine.
	Evaluation in Sandbox Send suspicious files to WithSecure's Security Cloud to analyze their behavior and determine if they are safe or harmful.
Unauthorized File Types	Displays unauthorized file types. The target file types are set in the policy item [General] - [Threat Control] - [Malware Scan] tab. Policy Settings (General)
Processing	Specify the action to take when malware is detected. The possible actions are as follows: ・Quarantine malicious attachments ・Quarantine the entire item ・Delete malicious attachments ・Delete the entire item ・Do nothing
	Notify Administrator Set whether to notify the administrator when malware or unauthorized file types are detected. The admin email is set in the policy item [General] - [Notification] - [Recipient Email Address]. Policy Settings (General)
	Notify Users of the Following Severity Detection Results Set whether to notify users when malware or unauthorized file types are detected. The severity of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity]. Policy Settings (General) ・The notification text for malware detection is set in the policy item [Exchange] - [Notification] - [Malware Notification]. ・The notification text for detecting unauthorized files is set in the policy item [Exchange] - [Notification] - [Prohibited Content Notification]. Notification

URL Scan

Item Name	Description
URL Scan	Set whether to use the URL Scan feature for web links (URLs) within the body of email messages and other Exchange items.
Malicious URL	Specify the action to take when a malicious URL is detected. The following actions can be specified: ・Quarantine the item ・Delete the item ・Change the subject and disable the URL link ・Do nothing
	Notify Administrator Set whether to notify the administrator when a malicious URL is detected. The admin email is set in the policy item [General] - [Notification] - [Recipient addresses]. Policy Settings (General)
	Notify Users of the Following Severity Detection Results Set whether to notify users when a malicious URL is detected. The severity to be detected is set in the policy item [General] - [Notification] item [User Notification Based on Severity]. Policy Settings (General) The notification text is set in the policy item [Exchange] - [Notification] item [Notification of Malicious URL]. Notification
Suspicious URL	Specify the action to take when a suspicious URL is detected. The following actions can be specified: ・Quarantine the item ・Delete the item ・Change the subject and disable the URL link ・Do nothing
	Notify Administrator Set whether to notify the administrator when a suspicious URL is detected. The admin email is set in the policy item [General] - [Notification] - [Recipient addresses]. Policy Settings (General)
	Notify Users of the Following Severity Detection Results Set whether to notify users when a suspicious URL is detected. The severity to be detected is set in the policy item [General] - [Notification] item [User Notification Based on Severity]. Policy Settings (General) The notification text is set in the policy item [Exchange] - [Notification] item [Notification of Malicious URL]. Notification
Trusted Websites	Set websites to be excluded when scanning harmful websites.
Trusted Websites	Allow Reporting of Trusted Websites to WithSecure When registering trusted websites, checking this item will submit a report to WithSecure for functionality improvement.
Blocked Websites	Set websites to be blocked when scanning harmful websites.

Scan Incoming Trail Rules

Item Name	Description
Scan Incoming Mail Rules	Set whether to use the suspicious incoming mail rule detection feature. You can enable or disable each of the following detection conditions. ・Suspicious rule name ・Suspicious rule for moving emails ・Suspicious rule for deleting emails ・Suspicious rule for forwarding emails ・Suspicious hidden inbox rule
Processing	Specify the action to take when malware is detected.
	Notify Administrator Set whether to notify the administrator when a suspicious incoming mail rule is detected. The admin email is set in the policy item [General] - [Notification] - [Recipient addresses]. Policy Settings (General)
	Notify Users of Detection Results with the Following Severity Set whether to notify users when a suspicious incoming mail rule is detected. The severity of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity]. Policy Settings (General)

Compromised Account

Item Name	Description
Compromised Account	Set whether to use the compromised account detection feature.
Processing	Specify the action to take when it is determined that an account is compromised.
	Notify Administrator Set whether to notify the administrator when a compromised account is detected. The admin email is set in the policy item [General] - [Notification] - [Recipient addresses]. Policy Settings (General)
	Notify Users of Detection Results with the Following Severity Set whether to notify users when a compromised account is detected. The severity of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity]. Policy Settings (General) The notification text is set in the policy item [Exchange] - [Notification] - [Compromised Account Notification]. Notification

Notification

Edit the notification text for users and administrators when a threat is detected.
The notification text for the following cases can be edited.
※ Each notification text is usually written in English, so a Japanese translation sample is also provided.
※ The notification text can automatically retrieve and display predetermined variables such as the recipient and subject of the item.
※ For a list of available variables, please check the following page from WithSecure.
Variables Used in Notification Emails (External Site)
※ The content defined by $THREAT-TEMPLATE-BEGIN and $THREAT-TEMPLATE-END is applied only once per notification setting.
If you want to include multiple languages, please refer to the example below.
Example:
$THREAT-TEMPLATE-BEGIN
Quarantine Item ID / Quarantine Id : $QUARANTINE-ID
Direct Link to Quarantine Item / Attachment Quarantine Link : $QUARANTINE-LINK
Affected File / Affected File : $AFFECTED-FILENAME
File Size / File size : $AFFECTED-FILESIZE (bytes)
Threat Type / Threat : $ATTACHMENT-THREAT
$THREAT-TEMPLATE-END

Malware Notification+

Malicious URL Notification+

Compromised Account Notification+

Item Name	Sample Translation in Japanese
User Notification (Critical)	Subject HENNGE Cloud Protection: Detection of Critical Account Breach Message HENNGE Cloud Protection has detected that plain text email addresses and passwords have been stolen from a system infected with malware that steals credentials. Attackers may already be using the stolen data for fraud or online theft, or may use it in the future. We strongly recommend contacting your IT administrator for further investigation to find the infected device. In such situations, we strongly recommend using a password manager to simplify and expedite the process of protecting yourself. We also recommend enabling multi-factor authentication for all passwords.
User Notification (High)	Subject HENNGE Cloud Protection: Detection of High-Risk Account Breach Message HENNGE Cloud Protection has detected that your email address and plain text password have been leaked in a data breach. According to the analysis of your password data, you may still be using the leaked password. This could allow other third parties to access your account. We strongly recommend using a password manager to make all passwords unique and easy to manage. We also recommend enabling multi-factor authentication for all passwords.
User Notification (Middle)	Subject HENNGE Cloud Protection: Detection of Medium-Risk Account Breach Message HENNGE Cloud Protection has detected that your email address and plain text password have been leaked in a data breach. According to the analysis of your password data, you have updated your password after the breach occurred. The updated password has not been disclosed. We strongly recommend using a password manager to make all passwords unique and easy to manage. We also recommend enabling multi-factor authentication for all passwords.
User Notification (Low)	Subject HENNGE Cloud Protection: Detection of Low-Risk Account Breach Message HENNGE Cloud Protection has detected that your email address has been disclosed in a data leak. The email address included in the data leak may be actively shared online by malicious individuals. A potential attack scenario could be a spear-phishing campaign. We recommend carefully checking links in emails and enabling multi-factor authentication for your account (if not already enabled).

Notification of Released Quarantined Items+

Notification of Prohibited Content+

Notification Regarding Temporary Mailbox Protection Issues+