cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Malware Filter Rules

cedric_menzi
Copper Contributor

‎Jun 29 2021 04:13 AM

‎Jun 29 2021 04:13 AM

Malware Filter Rules

Hey guys,

 

I've got a Problem: I've created multiple Malware Filter Rules which all have Extension Filter activated. But now only the rule with Priority 0 blocks extensions like ".docm". Is this normal? Is it possible to solve this?

 

Thanks in advance...

Labels:
996 Views
0 Likes
5 Replies
Reply
5 Replies
Vasil Michev

‎Jun 29 2021 10:03 AM

‎Jun 29 2021 10:03 AM

Re: Malware Filter Rules

Do you perhaps have the "stop processing other rules" option toggled? A message trace would tell you that (the detailed one): https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac

Also check the conditions/exceptions, make sure that the message is actually matching them.
0 Likes
Reply
cedric_menzi

‎Jun 29 2021 02:42 PM

‎Jun 29 2021 02:42 PM

Re: Malware Filter Rules

@Vasil Michev 

 

Thanks for your tip, but I can't find the option to stop other rules from being processed... Where can I find it? I know where to find it for anti-spam rules but not for malwarefilter rules.

0 Likes
Reply
best response confirmed by cedric_menzi (Copper Contributor)
Vasil Michev

‎Jun 29 2021 11:15 PM

‎Jun 29 2021 11:15 PM

Solution

Re: Malware Filter Rules

Oh, that's on me, I though you're talking about mail flow rules... Lost in translation again :)
When it comes to Malware filter policies, processing is always stopped once the first matching policy is triggered, as detailed here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-p...
So if you have multiple policies, you need to scope them to cover different users/groups/domains, otherwise any "lower" priority policy will be ignored.
0 Likes
Reply
cedric_menzi

‎Jun 30 2021 01:13 PM

‎Jun 30 2021 01:13 PM

Re: Malware Filter Rules

@Vasil Michev
I guess I'll have to search for another solution. :( Thanks for your help!
0 Likes
Reply
Stuart Hargreaves

‎Jul 27 2021 01:28 AM - edited ‎Jul 27 2021 01:32 AM

‎Jul 27 2021 01:28 AM - edited ‎Jul 27 2021 01:32 AM

Re: Malware Filter Rules

Have you considered www.spambrella.com as a bolt on? (I work for Spambrella) Far easier to administer and uses enterprise services stacked on the backend for optimum performance. 85% of the Spambrella customer base are O365/Azure users.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by cedric_menzi (Copper Contributor)
Vasil Michev

‎Jun 29 2021 11:15 PM

‎Jun 29 2021 11:15 PM

Solution

Re: Malware Filter Rules

Oh, that's on me, I though you're talking about mail flow rules... Lost in translation again :)
When it comes to Malware filter policies, processing is always stopped once the first matching policy is triggered, as detailed here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-p...
So if you have multiple policies, you need to scope them to cover different users/groups/domains, otherwise any "lower" priority policy will be ignored.

View solution in original post

0 Likes
Reply