Allow list to bypass attachments quarantine by Malware Agent

%3CLINGO-SUB%20id%3D%22lingo-sub-2137428%22%20slang%3D%22en-US%22%3EAllow%20list%20to%20bypass%20attachments%20quarantine%20by%20Malware%20Agent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2137428%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20Exchange%202013%20CU23%20on-premises.%26nbsp%3B%20We%20use%20Knowbe4%20to%20send%20phishing%20test%20to%20employees.%26nbsp%3B%20Some%20phishing%20emails%20have%20Word%2C%20Excel%20or%20Powerpoint%20attachments.%26nbsp%3B%20The%20malware%20gents%20quarantines%20the%20attachment%20and%20replaces%20the%20attachment%20with%20a%20text%20file.%26nbsp%3B%20I%20have%20installed%20the%20Connection%20Filtering%20Agent%20and%20added%20Knowbe4's%20phishing%20email%20server%20ip%20addresses%20using%20Add-IPAllowListEntry.%26nbsp%3B%20The%20only%20way%20to%20get%20the%20email%20attachment%20is%20to%20set%20the%20malware%20filter%20to%20bypass%20filtering%20to%20true.%26nbsp%3B%20Knowbe4%20uses%20a%20sender's%20email%20address%20that%20is%20not%20knowbe4.com.%26nbsp%3B%20I%20added%20a%20sample%20email%20address%20to%20BypassSenderDomains%20and%20email%20attachment%20was%20quarantined.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20Exchange%202013%20on-premises%20have%20the%20ability%20to%20bypass%20the%20email%20attachment%20scan%20using%20a%20whitelist%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20all%20replies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJason%20M.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2137428%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2013%20Exchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eantimalware%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

We have Exchange 2013 CU23 on-premises.  We use Knowbe4 to send phishing test to employees.  Some phishing emails have Word, Excel or Powerpoint attachments.  The malware gents quarantines the attachment and replaces the attachment with a text file.  I have installed the Connection Filtering Agent and added Knowbe4's phishing email server ip addresses using Add-IPAllowListEntry.  The only way to get the email attachment is to set the malware filter to bypass filtering to true.  Knowbe4 uses a sender's email address that is not knowbe4.com.  I added a sample email address to BypassSenderDomains and email attachment was quarantined.  

 

Does Exchange 2013 on-premises have the ability to bypass the email attachment scan using a whitelist?

 

Thanks for all replies.

 

Jason M.

0 Replies