Forum Discussion

MarxAndreas's avatar
MarxAndreas
Copper Contributor
May 24, 2020

"Common Attachment Types Filter" and file types known by Office 365

Hi.

 

I was wondering, if there is some reference or powershell cmdlet to get all the built in file types (96 are shown in the EAC) in antimalware policies:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-worldwide#anti-malware-policies

 

Furthermore, I wonder which file types Exchange Online or Office 365 can recognize regardless of the file extension. I can add xlsm as a file type in an antimalware policy, and then Excel macros will also be filtered, even I give them another extension. Why are Excel macros not included in the 96 built-in lists of the antimalware policies by default?

 

Other palces, where file types play a role:

Transport Rules

OWA Policies

Outlook Desktop Clients

DLP

Security and Compliance

...

 

It is quite confusing that the documentation of the individual areas always describes different file types.

 

How do I know, which file types I can add where to get them procecced regardless of the file name extension?

 

Hope someone can help here.

 

Best regards

Andreas

exchange
office 365
security

2 Replies

  • AndreasMarx's avatar
    AndreasMarx
    Copper Contributor
    Jun 20, 2020
    Hi.
    Is there no one to answer this question? Help would be really appreciated.

    Best regards Andreas
    • pheeeling's avatar
      pheeeling
      Brass Contributor
      Jun 23, 2020

      Hi AndreasMarx 

      Excel Macro is still quite widespread so you can't automatically exclude it (I know sounds strange).

      I think following statement clears out the situation. Inspectable file extensions are known to antimalware policies and don't really on name comparision.

      https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-worldwide#how-can-i-configure-the-service-to-block-specific-executable-files-such-as-exe-that-i-fear-may-contain-malware

       

      Following section talks about the inspectable filetypes. Take a look if it helps you.

      https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection

       

      With those documentation I would start my scenario's.

       

      Hope it helps.

       

      Regards