No quarantined emails by reason malware detected for a whole week in EXO after migration from on-prem

Dieter Tontsch (GMail) 867 Reputation points
2022-05-17T12:39:52.57+00:00

Recently we have migrated our Exchange on-prem mailboxes to EXO (hybrid environment), and also have set the MX record to ext-xxxxxxxx-xx.mail.protection.outlook.com. Therefore emails are now delivered through Exchange Online. Everything works fine so far, but I wonder because in Quarantine for several days there has not been a single email with Quarantine Reason "Malware" or Policy Type "Anti-malware policy". Before, while we were on-prem, our anti-malware filter (Sophos) detected a few malware-infected emails every day. Normally it can't be that no infected emails have arrived at our EXO for a whole week.
From what I understand, spam, phishing but also malware-detected emails should be available in https://security.microsoft.com/quarantine and visible at least to admins.
Also "Notify an admin about undelivered messages from external senders" is set to yes, and even the notification policy is the same as for spam; users get a quarantine list every day.

Am I completely wrong, or what might be the point here? In the quarantine we have emails with Quarantine Reason Spam, High Confidence Phish and Phish, even a few Transport Rule (which I configured as a blacklist), but no Malware.

Any idea? I mean, I could also be happy that we do not get malware, but honestly I am not quite sure about this. We are talking about 80 mailboxes.

On the other hand, I just did some more detailed tests: I sent myself the EICAR test virus and also grabbed an email with malware from my old scanning gateway and forwarded it to me. Both emails were then properly detected as malware by EXO. So, basically it works indeed. But I still wonder how it comes that within a whole week no other infected emails were detected; obviously we really got none, hmmm.

Or does EXO perhaps have another, more sophisticated malware detection which doesn't even deliver regular viruses from the outside world to quarantine? And my really infected email (not the EICAR one) was only delivered into quarantine because it came from the hybrid peer?

Kind regards,
Dieter
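The checks the question describes (are there any malware-quarantined messages for the last week, is the anti-malware policy set to quarantine and notify, and which policy actually applies to the migrated domain) can be done from Exchange Online PowerShell instead of clicking through the Defender portal. The script below is an added example and is not part of the original thread or of Microsoft's documentation. It assumes the ExchangeOnlineManagement module is installed, that the signed-in account has a role that can read quarantine and anti-malware policies, and that `admin@contoso.example` and the seven-day window are placeholders to be adjusted; property names are those exposed by the module's cmdlets at the time of the thread.

```powershell
# Added example (not from the original thread): audit EXO anti-malware handling
# for the last 7 days. Assumption: ExchangeOnlineManagement module is installed
# and the account has permission to read quarantine and threat policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # assumption: replace with your admin UPN

$end   = Get-Date
$start = $end.AddDays(-7)   # assumption: the "whole week" from the question

# 1. Break down everything in quarantine for the window by quarantine reason.
#    If Malware is absent here while Spam/Phish/TransportRule are present,
#    that matches the observation in the question.
$quarantined = Get-QuarantineMessage -StartReceivedDate $start -EndReceivedDate $end -PageSize 1000
$quarantined |
    Group-Object -Property Type |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count

# 2. List the malware hits specifically (includes messages released by an admin,
#    so a hit is not hidden just because someone already released it).
$malware = Get-QuarantineMessage -QuarantineTypes Malware -StartReceivedDate $start -EndReceivedDate $end
"Malware-quarantined messages in the last 7 days: $($malware.Count)"
$malware | Select-Object -Property ReceivedTime, SenderAddress, RecipientAddress, Subject, ReleaseStatus

# 3. Confirm the anti-malware policies quarantine detections and notify admins.
#    EnableExternalSenderAdminNotifications is the "Notify an admin about undelivered
#    messages from external senders" setting mentioned in the question.
Get-MalwareFilterPolicy |
    Select-Object -Property Name, IsDefault, EnableFileFilter, ZapEnabled,
        EnableInternalSenderAdminNotifications, InternalSenderAdminAddress,
        EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress, QuarantineTag

# 4. Confirm which policy actually applies to the migrated recipient domain.
#    Only enabled rules apply, and the lowest Priority value wins; the default
#    policy has no rule and catches everything the rules do not.
Get-MalwareFilterRule |
    Select-Object -Property Name, State, Priority, MalwareFilterPolicy, RecipientDomainIs, SentTo

Disconnect-ExchangeOnline -Confirm:$false
```

Run step 1 first: if it returns Spam, HighConfPhish, Phish and TransportRule entries but no Malware in the same window, the quarantine itself is being populated and the question becomes whether anything malicious was actually received, which is what the EICAR and forwarded-sample tests in the question answer. Steps 3 and 4 rule out a custom policy with a disabled rule or a policy whose `QuarantineTag` points to a quarantine policy that hides messages from the people checking.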

Tags: Microsoft Exchange Online Management, Exchange Server Management

Accepted answer
  1. Joyce Shen - MSFT 16,641 Reputation points
    2022-05-18T02:55:54.407+00:00

    Hi @Anonymous

    Since you have tested forwarding malware emails to your organization and they have been properly detected as malware, this means the feature works without issue.

    And the process for EOP shows that malware emails will be quarantined.

    In addition, the official documentation also points out that:
    So they will not get deleted or blocked directly. For other settings of anti-malware policies in EOP



1 additional answer

  1. Dieter Tontsch (GMail) 867 Reputation points
    2022-05-18T06:43:04.803+00:00

    Thank you, that's what I also thought. Since your answer is a comment only, I cannot mark it as the answer.