KB Article | Forcepoint Support

Notes & Warnings

Important The KB Articles provided may require you to login to https://support.forcepoint.com to view. If you do not have an account, please Create a Customer Account. If you have an account but cannot log in, Contact Support for assistance. 

Problem Description

I want to configure or troubleshoot quarantined emails for my Forcepoint Email product.


Forcepoint Email Security Cloud allows users to review lists of suspicious and clean email through a personal email report. For additional details, see Accessing quarantined email. For more information about Forcepoint Email Security Cloud, see Forcepoint Security Portal Help.

On-Premises versions of Forcepoint Email Security will maintain quarantined emails through the Personal Email Manager (PEM). For the latest resources, see Managing quarantined messages and Using the Quarantined Messages List. For specific version resources, please visit Support Documentation and navigate to your current version.


Change notification message for quarantined email
How to change the message a user receives about a quarantined email.

Emails quarantined due to format [missing-filename]
Strict checks on message structure tests.

Quarantine reason: attachment-block [ lnk ]
How the LNK extension is used in Linux and Windows.

Quarantine Emails from a particular email address
How to quarantine emails from a specific user.

Handling Spoofed mail - SPF/DKIM/DMARC Quarantine/Reject options
This article covers which email options allow quarantined spoofed mail and which will reject it.

Personal Email Subscription message reports do not require authentication to view or release quarantined messages
How to limit risk by removing users from the reports, or blocking outbound report forwarding.

Protecting email from WannaCry worm
What should be done to protect AP-Email or Email Security Gateway and Cloud Email Security from the WannaCry disk encryption virus

Messages blocked with the reason "lexical rule (scan-failure)"
Modifying the option to quarantine messages when the lexical engine is unable to complete.


Which message types can a Personal Email Subscriber release from their message report?
There are some emails which only administrators can release from message centre in the Cloud Portal.

Outbound Message Quarantined by Authentium Antivirus
If Authentium Antivirus is triggering as false positive, it will need to be sent to Technical Support.

End-users are unable to send themselves a copy of the quarantined message notification page
How to receive a copy of the quarantined email message.

Cannot release email quarantined for "system [NDR-spoofed-outbound-msg]" from End User Message Report
Administrators have the ability to release quarantined email.

Legitimate messages are being quarantined and considered to be spoofed
Find out how to resolve and allow legitimate messages to be delivered.

Cloud and Hybrid Extended Maintenance Procedures
Emails in quarantine from the affected cluster may not be able to be released until maintenance is over. 

Cannot Release Messages from Message Queue
Troubleshooting the error "Cannot modify the message because it has been removed from the message queue."

Keywords: quarantine; email quarantine reason; email security settings; cloud email issues; emails stuck

Article Feedback

Thank you for the feedback and comments.