
I want the following:

  • If a message contains known malware, delete it. (= Protection from known vulnerabilities)
  • If a message does not contain known malware but contains a "potentially dangerous attachment", keep the message but replace the attachment with a message. (= Protection from zero-day vulnerabilities)

Office 365 offers Common Attachment Blocking, which does something similar, but not exactly the same:

  • If a message contains a "potentially dangerous attachment", treat it like malware. If malware is found:

    1. Keep the message but replace the attachment with a message (or inform an administrator) or
    2. delete it.

Obviously, neither of these two options is even remotely usable: The first option does not silently delete known malware, thus bothering users and/or administrators with messages that could safely be deleted, and the second option could cause benign e-mails to be lost.

Is it possible to configure a "sane" policy (as described at the top of my question) in Exchange Online?

Heinzi
  • I honestly don't understand the dilemma here. What you want 1) If a message contains known malware, delete it. (= Protection from known vulnerabilities) and 2) If a message does not contain known malware but contains a "potentially dangerous attachment", keep the message but replace the attachment with a message. (= Protection from zero-day vulnerabilities) is already implemented. Note that EOP offers Anti-malware protection that is different from Common Attachment Blocking: https://technet.microsoft.com/en-us/library/jj200731(v=exchg.150).aspx – Noor Khaldi Apr 11 '17 at 20:15
  • @NoorKhaldi: Have a look at the screenshots in the link in my question: You need to change the *general* malware detection response to be able to only delete attachments in the case of non-recognized-malware, but potentially dangerous attachments. – Heinzi Apr 12 '17 at 07:28
  • Sorry, but I still don't see the problem, perhaps reading through this will help? https://technet.microsoft.com/en-us/library/jj200664(v=exchg.150).aspx and https://technet.microsoft.com/en-us/library/jj723164(v=exchg.150).aspx – Noor Khaldi Apr 13 '17 at 19:46
  • @NoorKhaldi: Sorry, doesn't help. What exactly is unclear about my question? I'd love to improve it. – Heinzi Apr 14 '17 at 07:41

0 Answers