When Advanced Threat Protection (ATP) is enabled on the ATP Settings page, inbound email attachments are scanned for threats based on policies configured on the Inbound Settings > Content Policies page. Discovered attachments display in the Overview > ATP Log page, and messages blocked by ATP display in the Message Log.
You can export that messages currently display in the ATP Log table to a CSV file. Click Export List as CSV to save the file to your local system.
ATP Log Table
Status – Displays the message status as determined by ATP:
- Clean – No viruses were found during scan.
- Suspicious – Attachment determined to be suspicious.
- Infected – One or more threats detected.
- Scanning – If Enable Advanced Threat Protection is set to Deliver First, then Scan on the ATP Settings page, the status displays as Scanning until the ATP service determines whether the attachment is determined to be Clean, Infected, or Suspicious. Once the scan is complete, the status updates accordingly.
- Error – The ATP service returned an error and the attachment health was not determined. The message should not be delivered.
- Time – Date and time message was processed.
- From – Sender email address; this may not match address in the header that mail clients display to the end-user.
- To – Recipient email address(es).
- Subject – Click to go to the Message Log where you can click on the message for additional details.
- File Name – Attachment name.
- File Type – Attachment file type.
- Report – Click to view the ATP report for the selected message.