This is just to alert the MS Security Team that 'ZAP' did not work as expected and that the MS antispam services also failed to detect a phishing email. A few minutes ago a customer sent me a WhatsApp image of Outlook showing a message about 'c:\users\aline\AppData\localpixelcryto\pixelcryptoa.exe' and also about 'c:\users\aline\AppData\localpixelcryto\pixelcryptob.exe'; that message came with a '.doc' attachment.
Using the 'Security and Compliance Center' we could not create an alert to MS, since it showed that the message ID was invalid, until we copied all the headers into the 'MS Connectivity Analyzer/Message Analyzer' website and then used the header 'X-MS-Exchange-Organization-Network-Message-Id', which reported fine!
FOREFRONT failed to protect. Maybe the MS dev team should add a filter so that when Word, Excel and PowerPoint try to open a file, it is scanned before it is opened!!
Windows Defender failed to detect the file on Windows; maybe the registry keys for 'run' at startup should be better protected, because some applications require us to make the user a 'local admin'.
The good news was that, without restarting the PC, Sophos Endpoint was installed, the malware was detected and the registry keys were also fixed. After restarting the PC and opening MS Outlook again, we realized that this message has a 'zero-hour auto purge text file' - maybe that delay in detection could infect more users around the world.
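
Editor's added example (not part of the original post, and not Microsoft code): a small Python helper that pulls the `X-MS-Exchange-Organization-Network-Message-Id` value out of pasted raw headers and keeps it apart from the RFC 5322 `Message-ID`, which is the distinction the post ran into. The function name and the sample headers are constructed for illustration, and the GUID format check is an assumption about how that header value looks.

```python
import re
import uuid
from email.parser import HeaderParser

NETWORK_ID_HEADER = "X-MS-Exchange-Organization-Network-Message-Id"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample headers (not from a real message). The last header is
# folded onto a second line and lower-cased, as pasted headers often are.
SAMPLE_HEADERS = (
    "Received: from mail.example.net (192.0.2.10) by\n"
    " mx.example.com with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Message-ID: <20240101100000.1234@mail.example.net>\n"
    "Subject: Invoice\n"
    "x-ms-exchange-organization-network-message-id:\n"
    " 3F2504E0-4F89-41D3-9A0C-0305E82C3301\n"
    "\n"
)


def extract_message_ids(raw_headers: str) -> dict:
    """Return the Exchange network message ID and the Internet Message-ID.

    Raises ValueError when the network ID header is missing, malformed,
    or present more than once with conflicting values.
    """
    msg = HeaderParser().parsestr(raw_headers)  # header names match case-insensitively

    # Folded headers keep their line breaks; a GUID has no inner whitespace,
    # so removing all whitespace safely unfolds the value.
    found = {"".join(v.split()) for v in msg.get_all(NETWORK_ID_HEADER, [])}
    if not found:
        raise ValueError(f"{NETWORK_ID_HEADER} not present in pasted headers")
    if len(found) > 1:
        raise ValueError(f"conflicting {NETWORK_ID_HEADER} values: {sorted(found)}")

    value = found.pop()
    if not GUID_RE.fullmatch(value):
        raise ValueError(f"{NETWORK_ID_HEADER} is not a GUID: {value!r}")

    internet_id = msg.get("Message-ID")
    return {
        # Normalised to lower case so it compares equal across tools.
        "network_message_id": str(uuid.UUID(value)),
        # Sender-controlled value; shown only to keep the two IDs apart.
        "internet_message_id": internet_id.strip() if internet_id else None,
    }


if __name__ == "__main__":
    print(extract_message_ids(SAMPLE_HEADERS))
```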