Forum Discussion

jmn05's avatar
jmn05
Copper Contributor
Dec 20, 2023

Antimalware Filter Causing NDRs

I have an antimalware policy set up which uses the common attachment filter. The issue I am having that if this policy is set, no further analysis appears to be done. An NDR will be generated with th...
microsoft defender for office 365
Ben_Harris's avatar
Ben_Harris
Icon for Microsoft rankMicrosoft
Dec 22, 2023

jmn05 Hey there! - thanks for your question and hope you're well.

The common attachment filter simply checks for file types, it does not check for malware. - Essentially the list of files specified in the common attachment filter's settings will always be blocked, so it's how you can set a policy like "regardless of content, I don't want .vbs files being emailed to my users" etc.

So the expectation that an NDR is being generated, and no further analysis is being done is expected in this instance. (I hope I've got your question right thus far!)

With regards to NDRs - I'm not seeing them get blocked when I replicate this in my tenant, I get an NDR from M365 with the detail, I'm also seeing it correctly processed on it's outbound route. - I can only guess there's an additional hop or some other complexity catching it and stopping the NDR?

Error: 550 5.0.350 One or more of the attachments in your email is of a file type that is NOT allowed by the recipient's organization.

Resources