In what order are the various policies processed on the ESA? I've been under the impression that it's similar to a firewall ACL; processing starts at the top and flows down until a policy is matched, then all other processing stops (unless "Continue Processing" is one of the selected options), or in the case of the ESA all Threat Protection policies are processed, then Anti-Spam policies, Data Control, etc.
I ask because I've set up End User Web Quarantine for my users, sending only Medium Spam to the quarantine, which, if my theory is sound, should be processed after all of the Threat Protection policies. However, in my testing of releasing email from quarantine nothing that should have been marked with Time of Click is getting tagged, nor are the URLs being rewritten.
Can someone please enlighten me on the process?
Thank you.
This thread was automatically locked due to age.