https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258635#M679 <P>Definitely should have been deleted, agree.</P> <P>Andy</P> Wed, 01 Oct 2025 05:04:11 GMT the_rock 2025-10-01T05:04:11Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257975#M672 <P>We are experiencing an issue with Harmony Email security and would like your assistance.</P><UL><LI><P>On <STRONG>8th September</STRONG>, a phishing email was successfully blocked by Harmony Email.</P></LI><LI><P>On <STRONG>19th September</STRONG>, a <STRONG>similar phishing email from a different sender</STRONG> was delivered to the customer’s mailbox.</P></LI><LI><P>The phishing email on 19th September was <STRONG>not blocked by Harmony Email</STRONG> and we were unable to find any related logs for this event.</P></LI><LI><P>Email tracing shows that the message hit the <STRONG>Microsoft external email header policy</STRONG>, but it did not trigger any <STRONG>Check Point policy enforcement</STRONG>.</P></LI><LI><P>Despite this, the email still reached the customer mailbox.</P></LI></UL><P><STRONG>Concerns / Questions:</STRONG></P><OL><LI><P>Why did Harmony Email fail to block the phishing email on 19th September?</P></LI><LI><P>Why are there no Harmony Email logs for this email?</P></LI><LI><P>Why was the message processed only under Microsoft’s external header policy and not evaluated by Check Point’s security controls?</P></LI></OL> Tue, 23 Sep 2025 11:04:47 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257975#M672 Nishanthan 2025-09-23T11:04:47Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257976#M673 <P>Do you have a SR# wuth CP TAC open already to get these questions answered?</P> Tue, 23 Sep 2025 11:35:02 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257976#M673 G_W_Albrecht 2025-09-23T11:35:02Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257988#M674 <P>For something like this, I would definitely open TAC case. In the meantime, are there any relevant logs you can send us?</P> <P>Andy</P> Tue, 23 Sep 2025 12:46:30 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/257988#M674 the_rock 2025-09-23T12:46:30Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258001#M675 <P>Specific instances of false positives/false negatives should be addressed via TAC.</P> Tue, 23 Sep 2025 14:07:09 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258001#M675 PhoneBoy 2025-09-23T14:07:09Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258634#M678 <P>We raised a service request, and their response was that <EM>“this user is not a protected user.”</EM> That part is correct, since the object in question is not an individual user but a Microsoft group. However, inside this group there are multiple protected users. The concern is why the email was still delivered to those protected users and not blocked. Additionally, we need to understand why the message was not automatically deleted from the inboxes of those protected users.</P> Wed, 01 Oct 2025 04:42:33 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258634#M678 Nishanthan 2025-10-01T04:42:33Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258635#M679 <P>Definitely should have been deleted, agree.</P> <P>Andy</P> Wed, 01 Oct 2025 05:04:11 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258635#M679 the_rock 2025-10-01T05:04:11Z https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258860#M680 <P>Hey mate,</P> <P>Any news about this? What did TAC say?</P> <P>Best,</P> <P>Andy</P> Fri, 03 Oct 2025 02:06:09 GMT https://community.checkpoint.com/t5/Email-and-Collaboration/A-phishing-email-bypassed-the-Check-Point-security-controls/m-p/258860#M680 the_rock 2025-10-03T02:06:09Z