Settings¶
The Settings tab is used to manage Coro's email security settings. To enable email security, select Enable real-time email security:
This provides access to the following options:
- Malware in email attachments
- Phishing in emails
- Quarantine emails with attachments of these specified file types
- Specify the default email quarantine folder
Malware in email attachments¶
All incoming emails are immediately scanned for attachment files that might be malicious. Suspicious files are deleted for all recipients to prevent possible damage and a ticket is raised to record the event. As Coro has already enacted remediation, no further Admin intervention is required and the ticket is marked closed.
Admin users can review closed malware tickets to examine the details, including performing actions such as downloading the suspicious email for analysis or adding sender details to an Allowlist or Blocklist.
To learn more, see Malware in email attachments.
Phishing emails¶
Emails sent to your users from external domains are examined for phishing indications. Coro creates tickets for suspected phishing events only if the domain or email address is not included in the Allowlist.
Note
Coro additionally checks internal email for specific events. For more information, see Domain spoofing.
Coro can identify a range of different phishing categories, with specific ticket types being raised to help Admin users analyse trends. For all categories (excluding user-reported phishing through the Coro add-in), Coro deletes or quarantines the suspicious email and raises a ticket to record the event. As Coro has already enacted remediation, no further Admin intervention is required and the ticket is marked closed.
Admin users can review closed phishing tickets to examine the details, including performing actions such as downloading the suspicious email for analysis or adding sender details to an Allowlist or Blocklist. To see the full range of phishing email ticket types reported by Coro, see Ticket types for Email Security.
Quarantined email attachments by file type¶
Admin users can trigger an email security ticket by adding a list of blocked email attachment file extensions. Select Quarantine emails with attachments of these specified file types (by default, On). Add and remove file attachment extensions using the File types list.
The list of default file extensions is:
- .exe
- .dll
- .bat
- .vb
- .js
- .com
- .iso
- .chm
- .lnk
- .htm
- .html
Select Reset to re-add the list of default extensions.
Incoming emails containing attachments of the file types defined are automatically quarantined, and Coro creates a Forbidden attachment type ticket to record the event.
Note
Additional file extensions can be added to the File types list.
Note
All activities associated with email tickets are logged in the Activity log.
To learn more about types of sensitive data to monitor for access and exposure in email sharing, see User Data Governance.
To learn more about types of email tickets, see Ticket types for Email Security.
Specifying the default email quarantine folder¶
Note
This feature is not applicable if you have enabled the Inbound Gateway email proxy add-on and set it to Block mode. In this scenario, suspicious emails are stored in Coro's dedicated secure storage.
Specify the default folder location where malicious emails are stored for Microsoft 365 and Gmail. The options are:
-
Dedicated Suspected folder: (default setting) All quarantined emails are stored in a dedicated Coro Suspected folder in the email service. Coro creates this folder at a first detection and stores malicious emails within it thereafter.
-
System trash folder: All quarantined emails are stored in the system (Microsoft 365/Gmail) trash folder instead of the dedicated Coro Suspected folder.
Note
When the default quarantine folder is changed, quarantined emails are not transferred between folders.
To set the default email quarantine folder, use the Quarantine folder selector:
All quarantined emails are now stored in the selected folder.