VIPRE Security Knowledge

IES Link Isolation

Super Administrator

Written By Marissa Fegan (Super Administrator)

Updated at July 9th, 2025

Table of Contents

Important Link Isolation's Workflow End User: What to Expect Configure Link Isolation Enable Link Isolation

VIPRE Email Security Link Isolation is like URL sandboxing for your email. When a user clicks on a URL within an email, the email is then scanned again and Link Isolation analyzes the URL. Rescanning the link at the time the user clicks on it, even if it happens days or months after receiving the email, provides stronger protection against zero-day threats. 

Important

Link Isolation within VIPRE IES works only with Inline Mode.

 

 

An email comes in that contains a link, and your employee clicks on the link.

  1. VIPRE receives the URL analysis request
  2. The link analysis service then simulates a session using the same browser and client type as the requestor
  3. During the simulation, VIPRE investigates the behavior of the site and:
    1. Analyzes the site's behavior
    2. Provides the analysis results, determining whether the site is malicious, suspicious, or unknown and classification
    3. Collects screenshot of the website's appearance, features, and a "sanitized", safe version of the site that can be replayed in the user's browser
  4. If the URL is deemed suspicious, the user sees a message indicating restricted access to the site with either a warning message before proceeding or a complete block

End User: What to Expect

After Link Isolation is enabled, when an end user clicks a URL within an email, they will experience the following based on the Click through action chosen on the URL Filter Configuration tab and any customizations made to the templates (see Step 3 - Templates above):

Warn and Allow Block

 

If you have chosen the click-through action of “Warn and Allow” you'll see a page similar to this.

 

If you have chosen the click-through action of "Block" you'll see a page similar to this.

At the bottom of the page, you'll see a small screenshot of the URL in question with options to: 

  • See a safe, stripped-down version of the page
  • To continue on to the whole site, accepting the risk
  • Report an error if this is a known clean and safe site

On the right side of the page, you'll see an embedded video called Phishing Defense Best Practices, which can be played from the Block page, PIP (picture-in-picture), or full-screen.

 

At the bottom of the page, you'll see a small screenshot of the URL in question with options to:

  • See a safe, stripped-down version of the page
  • Report an error if this is a known clean and safe site

 

Important

Your experience with Link Isolation is dependent on the options you choose here. Review all of the options below carefully to determine the best plan of action for your organization before implementation.

The scanning and analysis processes for Link Isolation can take up to approximately 20-30 seconds. During that time, important steps are taking place - some of these steps include loading the URL into the cloud browser, waiting for all embedded scripts to fully execute, and putting the page through a series of tests.

You can fine-tune the system by ensuring all sites/domains that are used frequently by your organization and are known to be safe have been added to the Allowed IPs/Domains tab.

 

To configure the VIPRE Email Security Cloud Link Isolation add-on, complete the following steps:

  1. From your VIPRE IES admin portal, click on Settings > Link Isolation in the left-side menu
  2. You will see the following options available to you: URL Filter Configuration, Allowed IPs/Domains, Denied IPs/Domains, and Templates
    1. Select a tab below to learn more about each option

 

URL Filter Config

  1. On the URL Filter Configuration tab, select from the following options:
    • Click-time Protection
      • Enable Deeplink: This option allows Link Isolation to perform deep, cloud-based scanning to analyze malicious URLs and obtain more information; also enables URL categorization and screenshots/previews of malicious URLs
      • Click-Through > Block: Blocks all potentially malicious URLs that have been clicked in the email; unable to proceed
      • Click-Through > Warn and allow override: Displays a warning when potentially malicious URLs have been clicked in the email; gives the option to ignore the warning and proceed to the website
    • URL Rewriting
      • Rewrite displayed URLs and underlying links: Visible links shown as URLs will be rewritten; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in text mode email: Rewrites URLs both in HTML and text mode; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in released/replayed emails: Rewrites URLs when replaying quarantined emails
  2. Click Save

 

 
 

Allowed IPs/Domains

  1. On the Allowed IPs/Domains tab, click +Add New Allowed IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to allow it - when adding multiples, supported separators are commas, semicolons, and space
    • Any trusted IP address or domain can be added to this list as Link Isolation does not rewrite IP addresses or Domains on this list
    • VIPRE recommends only adding trusted domains, like domains associated with your organization, to the Allowed IPs/Domains list
  3. Click Save

To search for a previously allowed IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously allowed IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen

 

 

 
 

Denied IPs/Domains

To add an IP address or domain that you want to deny:

  1. On the Denied IPs/Domains tab, click +Add New Denied IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to deny it - when adding multiples, supported separators are commas, semicolons, and space
    • Any untrusted IP address or domain can be added to this list
  3. Click Save

To search for a previously denied IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously denied IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen 
 
 

Templates

  1. This allows you to customize the message that your users see:
    1. When they click on the malicious URL based on whether you chose to Warn and Allow or Block Page under URL Filter Configuration
    2. When attempting to access an IP address or domain that has been denied
  2. Click Save

 See End User: What to Expect above for screenshots of what these templates look like.

 
 

Once you've gone through the configuration options detailed in the tabs above, you're ready to enable Link Isolation. 

  1. Scroll to the top of the screen and click the toggle next to Enable Link Isolation

Congratulations! Link Isolation is now configured and enabled. 

 

 

 

Related Articles

VSM - Remote Browser Isolation

EDR - Remote Browser Isolation Remote Browser Isolation (RBI) allows users to rev...

IES Action Rules

VIPRE Integrated Email Security (IES)'s Action Rules under the Settings menu allo...