SOLVED

Malware Filter Rules

Hey guys,

I've got a problem: I've created multiple Malware Filter Rules which all have Extension Filter activated. But now only the rule with Priority 0 blocks extensions like ".docm". Is this normal? Is it possible to solve this?

Thanks in advance...

5 Replies
Do you perhaps have the "stop processing other rules" option toggled? A message trace would tell you that (the detailed one): https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac

Also check the conditions/exceptions, make sure that the message is actually matching them.

@VasilMichev

Thanks for your tip, but I can't find the option to stop other rules from being processed... Where can I find it? I know where to find it for anti-spam rules but not for malware filter rules.

best response confirmed by cedric_menzi (Copper Contributor)
Solution
Oh, that's on me, I thought you were talking about mail flow rules... Lost in translation again :)
When it comes to Malware filter policies, processing is always stopped once the first matching policy is triggered, as detailed here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-p...
So if you have multiple policies, you need to scope them to cover different users/groups/domains, otherwise any "lower" priority policy will be ignored.
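
The first-match behaviour described in the accepted answer, as an added example that is not part of the original thread: a simplified PowerShell model run over constructed rule objects. Rule names, domains and recipients are made up, and the file-type list is flattened onto each rule here (in a tenant the equivalent data comes from `Get-MalwareFilterRule` and `Get-MalwareFilterPolicy`).

```powershell
# Simplified model: only SentTo and RecipientDomainIs are evaluated; group
# membership and exceptions are left out. All sample data below is constructed.

function Test-RuleMatch {
    param($Rule, [string]$Recipient)
    $domain = $Recipient.Split('@')[-1]
    # Every condition that is set must match; an unset condition is skipped.
    if ($Rule.SentTo -and $Rule.SentTo -notcontains $Recipient) { return $false }
    if ($Rule.RecipientDomainIs -and $Rule.RecipientDomainIs -notcontains $domain) { return $false }
    return $true
}

function Get-EffectiveRule {
    param([object[]]$Rules, [string]$Recipient)
    # Lowest Priority number is evaluated first; evaluation stops at the first match.
    $Rules | Where-Object { $_.State -eq 'Enabled' } | Sort-Object Priority |
        Where-Object { Test-RuleMatch $_ $Recipient } | Select-Object -First 1
}

# Constructed rules: the first two share the same scope, so the second can never apply.
$rules = @(
    [pscustomobject]@{ Name = 'Block-Macros';   Priority = 0; State = 'Enabled'
                       RecipientDomainIs = @('contoso.example');  SentTo = @()
                       FileTypes = @('docm', 'xlsm') }
    [pscustomobject]@{ Name = 'Block-Scripts';  Priority = 1; State = 'Enabled'
                       RecipientDomainIs = @('contoso.example');  SentTo = @()
                       FileTypes = @('js', 'vbs') }
    [pscustomobject]@{ Name = 'Block-Archives'; Priority = 2; State = 'Enabled'
                       RecipientDomainIs = @('fabrikam.example'); SentTo = @()
                       FileTypes = @('iso') }
)

foreach ($rcpt in 'alice@contoso.example', 'bob@fabrikam.example') {
    $hit = Get-EffectiveRule -Rules $rules -Recipient $rcpt
    # Rules that also match this recipient but are never reached.
    $ignored = $rules | Where-Object { $_.Name -ne $hit.Name -and (Test-RuleMatch $_ $rcpt) }
    [pscustomobject]@{
        Recipient    = $rcpt
        AppliedRule  = $hit.Name
        BlockedTypes = ($hit.FileTypes -join ',')
        IgnoredRules = ($ignored.Name -join ',')
    }
}
```

Any rule that shows up under `IgnoredRules` contributes nothing for that recipient, so its file types either have to be merged into the higher-priority policy or the rules have to be scoped so they no longer overlap.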
@VasilMichev
I guess I'll have to search for another solution. :( Thanks for your help!

Have you considered www.spambrella.com as a bolt on? (I work for Spambrella) Far easier to administer and uses enterprise services stacked on the backend for optimum performance. 85% of the Spambrella customer base are O365/Azure users.
