How can we improve?

Allow admin to approve items quarantined by vsapi

Running the VSAPI background check seems like a nice idea at first, until it quarantines items it shouldn't, and there is no option for an admin to un-quarantine them.

We ran the background check and it quarantined important historical legal emails because they had attachments containing b2b macros that we expected to find, but which the macro checker on one of the AV engines apparently objected to.

We had previously run the background checker without an issue, but on this pass computer said NO to these items.

Now, having quarantined them via the VSAPI background checker, ME provides no option for an admin to "un-quarantine" them, with GFI support saying it's "as designed". If you try it, you get the message - Error: 'Email with id xx cannot be approved since it was blocked by VSAPI'

It is quite unacceptable that GFI denies a customer access to their own data, regardless of what risk-level an algorithm might determine.

There needs to be a way to undo this action, and allow for either unintended settings or errant scanning of mail items.

1 vote
Sign in
Signed in as (Sign out)

We’ll send you updates on this idea

Mike Bundy shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
Signed in as (Sign out)
Submitting...
  • Robert Affleck commented  ·   ·  Flag as inappropriate

    This is pretty bad. My org just "lost" 1200 or so messages due to "Failed [VSE]" via Information Store Protection and they are now in a useless quarantine as I cannot approve or have them re scanned. Uncool GFI.

  • Roland Desort commented  ·   ·  Flag as inappropriate

    Having the same problem for a few weeks now. And it's July 2017 now. Is there anyone home at GFI? We are quite near deainstalling GFI.

  • Mike Bundy commented  ·   ·  Flag as inappropriate

    I just posted a comment and have no idea if it was successful - I'm not going to waste my time trying to rewrite the entire message.

    The bottom line here is that "potentially malicious" doesn't cut it.

    These items were quarantined because of a false positive, but because they were detected (incorrectly) via the VSAPI there is apparently no way to release them from quarantine, and resorting to an Exchange Backup to restore items is not a practical solution. If the items are in the quarantine database, there MUST be a way to recover/release them.

    GFI does not have the right to remove access to company information, without providing a means to restore that information.

Feedback and Knowledge Base