MailSentry is the feature that allows you to scan and prevent email fraud.
MailSentry is an independent module, like Heimdal Antivirus or DarkLayerGuard. This module will intercept all outlook emails from Inbox and Sent folder. The module should start when to install Heimdal or refresh group policy if MailSentry is ON in group policy and outlook is open. If no outlook instance is open in the current moment, the module will check every 5 minutes if outlook has been opened and try to start mailsentry module.
For intercepting emails, we created a secondary app named MailSentryMonitor. If this app is closed, the module will try to start it, checking its connection every 10 minutes. Also, if Mailsentry service is closed, this secondary app should be closed.
This functionality scans inbound and outbound communications, comparing them with pre-registered signatures and detecting whether something is amiss. This helps flag down BEC attacks before they have a chance of convincing you to hand over sensitive info.
MailSentry will intercept every mail from Inbox and Sent folder and send it for validation. A partial response is received in 10 minutes and a final result will be received in 24 hours. If final/partial status is Infected, mail will be moved to Heimdal - MailSentry subfolder from Inbox. If the mail was initially infected (moved to HeimdalInfectedMails), and then in the final result it is considered uninfected, the mail will be moved back to the original folder.
The first time the MailSentry is activated (and only once), we scan the inbox for the last X days (7 by default, configurable from GP)Infected mails will be moved to inbox subfolder named: “In assessment” and “Malicious” for those declared who have final status infected.
Information about MailSentry performances can be seen in the dashboard if you select Mail Fraud Overview from the left menu.
Delete, Restore and Cancel commands
In the dashboard, you can select a mail or many and take actions (Restore, Delete and Cancel) for those mails.
Delete will delete the mail from outlook.
Restore will restore the email to the initial folder- where mail was intercepted.
Cancel will cancel one of the actions above if were not processed yet.
We save emails in C:\Users\Public\Documents, but the user can block this location and we aren’t able to read/write emails.