EOP related

Question

I want to know what are the Extension restrictions of Exchange online protection that enforced by a system to prevent malware intrusion from email attachments?

Does following restrictions are correct or not according to microsoft Business Premium?

1.The mail system blocks emails with attachments that have specific file extensions from being received

2.exe, .pif, .scr, .bat, .com, .lnk, .cmd, .vbs, .cpl, .hta, .shs, .url, .desklink, .mapimail

Answer 1

The list of supported (and included by default) extensions can be found here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-about?view=o365-worldwide#anti-malware-policies

If you want to add to the list, you can do so by editing the policy configuration in the UI or via PowerShell. In addition, you can also consider mail flow rules: https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/common-attachment-blocking-scenarios

Answer 2

Hi @Nepali Sandhya ,

The attachment filter in the antimalware policy filters the following file types by default:

You can get the attachment type for the current organization's default malware filter policy with the following command:

(Get-MalwareFilterPolicy "Default").FileTypes -join (", ")

If you need to add the attachment types, please refer to the following command:

$FileTypesAdd = Get-MalwareFilterPolicy -Identity Default | select -Expand FileTypes
$FileTypesAdd += "dgz","mde"
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $FileTypesAdd

For more information, please refer to this link:

Set-MalwareFilterPolicy (ExchangePowerShell) | Microsoft Learn

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread