Article Number

000006147

Question
How do I ensure my Proofpoint Security Awareness Training products run properly using Proofpoint
Protection Services?
Answer
You must complete the following steps in order to safelist Security Awareness Training in Proofpoint
Protection Services. ALL steps must be completed.
See the Safelisting Guide for the list of IPs needed.
Create a Policy Route of the necessary IPs
1. Click on System at the top, then Policy Route on the menu on the left
2. Click New Route at the top of the page
3. Give the Route an ID (No Spaces) and a Description (Suggest Proofpoint_PSAT)
4. Click on Add Condition
5. Select Sender IP Address for the Condition
6. Select Equals for the Operator
7. Enter one of the IP addresses for your region (Safelisting Guide)
8. Click Add and New Condition to enter the next IP
9. Repeat Steps 4 ~ 8 using the OR radio button at the top until all IPs are entered
10. Click Add Condition to close the pop-up
11. Click Save Changes at the top to save the Policy Route
Article Number
000006147

Use the Policy Route to bypass the Spam Module

1. Click on Email Protection > Spam Detection > Settings > General
2. Verify Disable Processing for Selected Policy Routes is enabled
• If not, click the checkbox to enable the feature
3. Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to
the Disable for any of box
4. Click Save Changes

Use the Policy Route to Bypass the Anti-Spoofing Rules

1. Click on Email Protection > Email Firewall > Rules
2. Click Edit Rule for your current, active, anti-spoofing rule
3. Under Conditions, verify Disable Processing for Selected Policy Routes is enabled.
• If not, click the checkbox to enable the feature
4. Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to
the Disable for any of box
5. Click Save Changes
Article Number
000006147

Use the Policy Route to Bypass the Anti-Virus Rule (CLEAR

Implementations)
1. Click on Email Protection > Virus Protection > Settings > Rules
2. Verify Disable Processing for Selected Policy Routes is enabled
• If not, click the checkbox to enable the feature
3. Under Conditions, verify Disable Processing for Selected Policy Routes is enabled
• If not, click the checkbox to enable the feature
4. Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to
the Disable for any of box
5. Click Save Changes

Use the Policy Route to Bypass TAP Attachment Defense

1. Click on Email Protection > Targeted Attack Protection > Attachment
Defense > Settings
2. Verify Disable Processing for Selected Policy Routes is enabled
• If not, click the checkbox to enable the feature
3. Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to
the Disable for any of box
4. Click Save Changes
Article Number
000006147

If additional filtering is occurring after PPS\TAP, it will be necessary to create an additional rule to
add a header and value to the email for further safelisting downstream.
Create a Rule for adding a header using the created Policy Route
1. Click on Email Protection > Email Firewall > Rules
2. Click Add Rule
3. Enable the new rule by clicking the On option under Enable
4. Give the Route an ID (No Spaces) and a Description
5. Click the option to Restrict Processing and select the Policy Route previously created
6. Click Add Condition
7. Select Message Size for the Condition and Greater Than or Equal for the Operator
8. Set the Value for 1 then click Add Condition
9. Under Dispositions, click Change Message Header
10. Select Add Header for the Operation
11. Provide a name for the Header, then add a Value
12. Click Add, then Save to make the rule active

Note: When generating a header, create one that aligns to your organization’s standards and allows
Administrators to easily identify.
If the message from the PSAT Platform is still being blocked, first use PPS SmartSearch and
Exchange Search to see what is blocking the messages.