New-MalwareFilterPolicy

This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other. Use the New-MalwareFilterPolicy cmdlet to create malware filter policies in your organization. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).

Syntax

New-MalwareFilterPolicy
   [-Name] <String>
   [-Action <DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText>]
   [-AdminDisplayName <String>]
   [-BypassInboundMessages <$true | $false>]
   [-BypassOutboundMessages <$true | $false>]
   [-Confirm]
   [-CustomAlertText <String>]
   [-CustomExternalBody <String>]
   [-CustomExternalSubject <String>]
   [-CustomFromAddress <SmtpAddress>]
   [-CustomFromName <String>]
   [-CustomInternalBody <String>]
   [-CustomInternalSubject <String>]
   [-CustomNotifications <$true | $false>]
   [-DomainController <Fqdn>]
   [-EnableExternalSenderAdminNotifications <$true | $false>]
   [-EnableExternalSenderNotifications <$true | $false>]
   [-EnableInternalSenderAdminNotifications <$true | $false>]
   [-EnableInternalSenderNotifications <$true | $false>]
   [-ExternalSenderAdminAddress <SmtpAddress>]
   [-InternalSenderAdminAddress <SmtpAddress>]
   [-WhatIf]
   [-EnableFileFilter <$true | $false>]
   [-FileTypes <String[]>]
   [-ZapEnabled <$true | $false>]
   [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).

Examples

-------------------------- Example 1 --------------------------

New-MalwareFilterPolicy -Name "Contoso Malware Filter Policy" -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress admin@contoso.com

This example creates a new malware filter policy named Contoso Malware Filter Policy with the following settings:

  • Block messages that contain malware.

  • Don't notify the message sender when malware is detected in the message.

  • Notify the administrator admin@contoso.com when malware is detected in a message from an internal sender.

Required Parameters

-Name

The Name parameter specifies a name for the malware filter policy. If the value contains spaces, enclose the value in quotation marks (").

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection

Optional Parameters

-Action

The Action parameter specifies the action to take when malware is detected in a message. Valid values are:

  • DeleteMessage: Deletes the message. This is the default value.

  • DeleteAttachmentAndUseDefaultAlert: Delivers the message, but replaces the message contents with the default alert text.

  • DeleteAttachmentAndUseCustomAlert: Delivers the message, but replaces the message contents with the custom alert text specified by the AlertText parameter.

Type:DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-AdminDisplayName

The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks (").

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-BypassInboundMessages

This parameter is available only in on-premises Exchange.

The BypassInboundMessages parameter skips or enforces malware scanning on incoming messages. Valid input for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on incoming messages by default.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016
-BypassOutboundMessages

This parameter is available only in on-premises Exchange.

The BypassOutboundMessages parameter skips or enforces malware scanning on outgoing messages. Valid input for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on outgoing messages by default.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomAlertText

The CustomAlertText parameter specifies the custom alert text to insert in the message when malware is detected and the value of the Action parameter is set to ReplaceWithCustomAlert. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomExternalBody

The CustomExternalBody parameter specifies the body of the custom notification message that's sent to an external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomExternalSubject

The CustomExternalSubject parameter specifies the subject of the custom notification message that's sent to an external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomFromAddress

The CustomFromAddress parameter specifies the From address of the custom notification message that's sent to an internal or external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:SmtpAddress
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomFromName

The CustomExternalFromName parameter specifies the From name of the custom notification message that's sent to internal or external senders when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomInternalBody

The CustomInternalBody parameter specifies the body of the custom notification message that's sent to an internal sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomInternalSubject

The CustomInternalSubject parameter specifies the subject of the custom notification message that's sent to an internal sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-CustomNotifications

The CustomNotifications parameter enables or disables the custom notification message to the sender when the message contains malware. Valid input for this parameter is $true or $false. The default value is $false.

If you enable custom notification messages by setting this parameter to $true, you specify the details of the custom notification message using the CustomFromAddress,CustomFromName, CustomExternalSubject, CustomExternalBody, CustomInternalSubject and CustomInternalBody parameters.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-DomainController

This parameter is available only in on-premises Exchange.

The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.

Type:Fqdn
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016
-EnableExternalSenderAdminNotifications

The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to an administrator when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The default value is $false.

Specify the administrator to receive the notification messages by using the ExternalSenderAdminAddress parameter.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-EnableExternalSenderNotifications

The EnableExternalSenderNotifications parameter enables or disables sending notification messages to senders when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The default value is $false.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-EnableFileFilter

The EnableFileFilter parameter enables or disables common attachment blocking. Valid values are:

  • $true: Common attachment blocking is enabled.

  • $false: Common attachment blocking is disabled.

To configure the blocked file types, use the FileTypes parameter.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2016, Exchange Online, Exchange Online Protection
-EnableInternalSenderAdminNotifications

The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to an administrator when malware is detected in messages from internal senders. Valid input for this parameter is $true or $false. The default value is $false.

Specify the administrator to receive the notification messages by using the InternalSenderAdminAddress parameter.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-EnableInternalSenderNotifications

The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to senders when malware is detected in messages from internal senders. Valid input for this parameter is $true or $false. The default value is $false.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-ExternalSenderAdminAddress

The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notifications messages when messages from external senders contain malware. Notification messages are sent to the specified email address only if the EnableExternalSenderAdminNotifications parameter is set to $true.

Type:SmtpAddress
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-FileTypes

The FileTypes parameter specifies the file types that are blocked by common attachment blocking. The default values are:

  • ace

  • ani

  • app

  • docm

  • exe

  • jar

  • reg

  • scr

  • vbe

  • vbs

You enable or disable common attachment blocking by using the EnableFileFilter parameter.

Common attachment blocking uses best effort true-typing to detect the file type regardless of the file name extension. If true-typing fails or isn't supported for the specified file type, then extension matching is used. For example, ps1 files are Windows PowerShell scripts, but their true type is text.

To replace the existing list of file types with the values you specify, use the syntax <FileType1>,<FileType2>,...<FileTypeN>. To preserve existing values, be sure to include the file types that you want to keep along with the new values that you want to add.

To add or remove file types without affecting the other file type entries, see the Examples section in the Set-MalwareFilterPolicy cmdlet topic.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2016, Exchange Online, Exchange Online Protection
-InternalSenderAdminAddress

The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notifications messages when messages from external senders contain malware. Notification messages are sent to the specified email address only if the EnableInternalSenderAdminNotifications parameter is set to $true.

Type:SmtpAddress
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Online, Exchange Online Protection
-ZapEnabled

The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user's Inbox. Valid values are:

  • $true: ZAP for malware is enabled. Unread messages in the user's Inbox that contain malware are moved to the Junk Email folder. This is the default value.

  • $false: ZAP for malware is disabled.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2016, Exchange Online, Exchange Online Protection

Inputs

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Outputs

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.