Sophos Central Admin: Sophos Central Engineering will be performing routine maintenance to Sophos Central on Saturday February 1, 2020 starting at 13:00 (UTC). For more info please see KBA 133402.

Phish Threat - Attachment Emails and Word Protected View

Hi Everyone!


We are having an issue with Attachment campaigns.

Because we have Protected View enabled for almost everything in Microsoft Word, the content of the attachments is getting blocked on Sophos Phish Threat attachment emails. This is causing Phish Threat to not register the user as "Caught" unless they click "Enable Editing" on the document.


Is there a way we can allow content from Sophos through the Protected View filter so that it registers the user as "Caught" as soon as they open the attachment?

Or is there any other setting we can change so that it registers the user as "Caught" without them having to Enable Editing on the Word attachment?



  • Hi Ven,

    Thanks for reaching out!

    Unfortunately this behavior is a result of the added layer of protection that Microsoft provides with their Protected View mode. I don't believe that Microsoft currently has a setting to configure what you are trying to setup:

    Apologies for this inconvenience. However this behavior does also allow you to follow up and educate users about Protected View and why it's unsafe to enable editing on unrecognized documents.

    Reference: Microsoft Protected View