Perform the remediation action on the email quarantined for Proofpoint.
Before you begin
Proofpoint provides four remediation actions:
Release Email with Scan
Release Email without Scan
Release Encrypted Email with Scan
Delete Email
By default, Release Email with Scan, Release Email without Scan, Release Encrypted Email with Scan, and Delete Email response options and
Proofpoint Remediation Action Rule to perform the remediation action on the email. These response options also have the Proofpoint Email Release Approval Rule configured with
it to leverage the approval functionality for these actions. These remediation actions are available to the End Users, Analysts, Escalated Incident Reviewers for execution.
The following procedure explains how to submit the remediation action from the DLP Analyst Workspace. As a DLP Admin and DLP Analyst, you can:
Navigate to All > DLP Incident Management > DLP Analyst Workspace.
Open any Proofpoint DLP incident with Scan source as Email SMTP.
Click Respond.
Select the response option from the Response drop down list.
Click Submit.
The following procedure explains how to submit the remediation action from the DLP User Workspace. As an end user, you can:
Navigate to All > DLP Incident Management > DLP Analyst Workspace.
Open any Proofpoint DLP incident with Scan source as Email SMTP.
Click Respond.
Select the response option from the Response drop down list.
Click Submit.
Note:
When an approval rule is configured for this action, the approval flow will be triggered first and after receiving all the approvals, the email remediation flow will be triggered, and then the action will be
performed.
If Delete Email is performed, then the state of the DLP incident is updated to Delete File. For any other response option, the DLP incident state will be updated
to Released Email from Quarantine after the email is successfully released.