How to reduce malware threats through file attachment blocking in Exchange Online Protection

Original KB number:   2959596

Summary

Most malware that enters an environment through email does so through an executable payload that's attached to an email message.

To reduce your risk from malware that may not be detected by Exchange Online Protection, you should enable file type blocking and file name extension blocking. This article describes how to do this.

Resolution

To create a rule to block attachments that contain executable content in Exchange Online Protection, follow these steps:

  1. Sign in to the Exchange admin center.
  2. Select mail flow, select rules, select New (the plus button), and then select Create a new rule.
  3. In the Name box, specify a name for the rule, and then select More options.
  4. Under Apply this rule if, point to Any attachment, and then select has executable content near the bottom of the page.
  5. Under Do the following, point to Block the message, and then select the action that you want.
  6. Select save.

The following is a screenshot of a sample rule.

Screenshot of the Exchange admin center, showing an example rule

More information

Microsoft is continually updating its virus definition catalog based on submissions. However, to provide customers with the most immediate and effective defense, a file filter block policy is critical.

For more information about malware defense practices and strategies, see the following Microsoft resources:

Still need help? Go to Microsoft Community.