Search & Destroy
Search and Destroy, Sophos Email's new post-delivery protection capabilities for O365, is about finding malicious emails already in the mailbox of the users.
Sophos Email Advanced allows Sophos to identify and automatically remove emails containing malicious links and malware before a user clicks on them.
Sophos SND Quarantine Folder
The sophos_snd_quarantine is the folder that Office/Outlook creates for Search and Destroy, when you enable this feature, this allows Central Email to scan emails that are in O365 user inboxes, in case there are new detections created POST delivery. Once an email is in this folder the user can't access to the email until an Admin releases the email from central.
If the scanner finds the email has malicious components, it’ll put it into the 'Logs & Reports >> Email Security >> Post Delivery Summary" page, where the central Admin can either release the email or delete them.
Only the Central Email Admin user can release these emails, , they can be released by clicking on the Subject of the email, and clicking on the Release Button.
In collaboration with josepalad
[edited by: Raphael Alganes at 5:57 AM (GMT -7) on 7 Jun 2023]