https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97108#M3155 <P>Attachments are opened in a Virtual Machine. If something is detected it's matched with virus total. The message is then quarantined by rules you configure. If it's a zero day it goes right to Google Security Engineering for analysis.&nbsp;<BR />No message is sent back to the sender since they may be a nefarious actor.&nbsp;</P> <P><A href="https://support.google.com/a/answer/11479100?hl=en" target="_self">Gmail Logs</A> maintain a record of what was discovered.</P> Fri, 27 Sep 2024 16:38:04 GMT claycodes 2024-09-27T16:38:04Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97077#M3154 <P>If an incoming email with an infected attachment is caught by the sandbox features, what happens to that message?</P><P>I know the assumption is the message is blocked.</P><P>But is the message rejected back to the sender?</P><P>Does the intended recipient receive a message that an incoming message was blocked?</P><P>Are sandbox events logged in the admin console somewhere?</P><P>Guess I never really thought about it passed simply enabling the feature.</P> Fri, 27 Sep 2024 16:32:43 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97077#M3154 ddelboccio 2024-09-27T16:32:43Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97108#M3155 <P>Attachments are opened in a Virtual Machine. If something is detected it's matched with virus total. The message is then quarantined by rules you configure. If it's a zero day it goes right to Google Security Engineering for analysis.&nbsp;<BR />No message is sent back to the sender since they may be a nefarious actor.&nbsp;</P> <P><A href="https://support.google.com/a/answer/11479100?hl=en" target="_self">Gmail Logs</A> maintain a record of what was discovered.</P> Fri, 27 Sep 2024 16:38:04 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97108#M3155 claycodes 2024-09-27T16:38:04Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97148#M3156 <P>I do not see any other option for "Security Sandbox" other than enabling it.&nbsp; I do not see any reference to messages being quarantined.</P><P>Would the message events appear in the "suspicious attachments" security dashboard card?</P> Fri, 27 Sep 2024 16:44:45 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97148#M3156 ddelboccio 2024-09-27T16:44:45Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97157#M3157 <P>Now I am seeing conflicting information in this Google document:</P><P><A href="https://support.google.com/a/answer/7676854?hl=en&amp;ref_topic=9974692" target="_blank">https://support.google.com/a/answer/7676854?hl=en&amp;ref_topic=9974692</A></P><P><EM>When Security Sandbox identifies a message with suspicious or malicious attachments, the message is automatically sent to the recipient's spam folder. Google saves information about the attachment to improve security in other Google products.</EM></P><P>Enabling the Security Sandbox setting <STRONG>DISABLES</STRONG> the Security Sandbox <STRONG>rules</STRONG> settings.</P><P>Does this now mean detected message with infected attachments are sent to SPAM?</P> Fri, 27 Sep 2024 16:50:55 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Email-sandbox-feature/m-p/97157#M3157 ddelboccio 2024-09-27T16:50:55Z