Office 365 Anti Malware

Hello,

By default, Office 365 does provide a protection about malware, and you can configure it to warn administrators if some malwares are detected.

Office 365 Anti Malware

Anti Malware In Exchange Online

Anti Malware In Exchange Online

But, by default Exchange Online does a very poor job at filtering email with potential threats, that’s why you need to create a rule to protect your-self :

Create Anti Malware Rule 1

Create Anti Malware Rule – New Rule

Name it as you want, pick something you will remember, and then click on “More Options…”

Create Anti Malware Rule 2

Create Anti Malware Rule – Name and advanced options

Select to apply the rule if any attachments has executable content :

Create Anti Malware Rule 3

Create Anti Malware Rule – Apply if

Block the message with an explanation :

Create Anti Malware Rule 4

Create Anti Malware Rule – Block the message

Specify the rejection reason :

Create Anti Malware Rule 5

Create Anti Malware Rule – Rejection reason

Untick the audit box, and then click on save :

Create Anti Malware Rule 6

Create Anti Malware Rule – Audit

And here your Office 365 Anti Malware rule go, you can see a quick resume and on the right :

Create Anti Malware Rule 7

Create Anti Malware Rule – Resume

The rule will reject any email containing executable content like : .dll,.exe,.jar,.obj,.vxd,.os2,.w16,.dos,.com,.pif

and is maintained by Microsoft, and will look inside zip files.

You can find some best practices for Exchange Online Protection from Microsoft here :

https://technet.microsoft.com/en-us/library/jj723164%28v=exchg.150%29.aspx

If you want to go further, you can subscribe to Exchange Online Advanced Threat Protection that will go far more deeper in attachment scanning to protect you.

PowerShell way

If you enabled PowerShell logging, you can see the PowerShell OneLiner to do this :

New-TransportRule -AttachmentHasExecutableContent:$true -RejectMessageReasonText 'Has executable content' -Name 'Block Executable Content' -StopRuleProcessing:$false -SetAuditSeverity 'DoNotAudit' -Mode 'Enforce' -Comments '' -RuleErrorAction 'Ignore' -SenderAddressLocation 'Header'

Way more faster than all of those clicks !

0 thoughts on “Office 365 Anti Malware

  1. Good article butni can note some stranges things, in the list of extension you specify \”.rar\” but it\’s not an executable extension file but a compressed file.
    And you repeat \”.exe\” more than once.

Leave a Reply