反垃圾邮件和反恶意软件保护 [EOP]]Anti-spam and anti-malware protection[EOP]]

在没有 Exchange Online 邮箱的独立 Exchange Online Protection (EOP)组织中,EOP 提供内置的恶意软件和垃圾邮件筛选功能,可帮助保护入站和出站邮件免受恶意软件的攻击,并帮助保护您的网络免受通过电子邮件传输的垃圾邮件的攻击。In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP provides built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect your network from spam transferred through email. 管理员无需设置或维护默认情况下启用的筛选技术。Admins do not need to set up or maintain the filtering technologies, which are enabled by default. 但是,管理员可以进行特定于公司的筛选自定义。However, admins can make company-specific filtering customizations.

要查找有关 EOP 所有功能的信息吗?Looking for information about all EOP features? 请参阅Exchange Online Protection 服务说明See the Exchange Online Protection service description.

反恶意软件保护Anti-malware protection

使用多个反恶意软件引擎,EOP 将提供设计用于捕获所有已知恶意软件的多层保护。Using multiple anti-malware engines, EOP offers multilayered protection that's designed to catch all known malware. 将扫描通过服务传输的邮件是否有恶意软件(病毒和间谍软件)。Messages transported through the service are scanned for malware (viruses and spyware). 如果检测到恶意软件,邮件将被删除。If malware is detected, the message is deleted. 删除或不传递受感染的邮件时,也可能会将通知发送给发件人或管理员。Notifications may also be sent to senders or admins when an infected message is deleted and not delivered. 您也可以选择使用通知收件人恶意软件检测结果的默认或自定义邮件取代受感染的附件。You can also choose to replace infected attachments with either default or custom messages that notify the recipients of the malware detection.

备注

无法禁用反恶意软件扫描。Anti-malware scanning can't be disabled.

对于独立 EOP 客户,该服务仅扫描由该服务路由的入站和出站邮件,而不会扫描从组织中的发件人发送给组织中的收件人的邮件。For standalone EOP customers, the service only scans inbound and outbound messages that are routed by the service, and does not scan messages sent from a sender in your organization to a recipient in your organization. 但是,对于另一层防御,可以将该服务与 Exchange Server 的内置反恶意软件保护功能进行配对,从而扫描内部邮件中的恶意软件。However, for another layer of defense, you can pair the service with the built-in anti-malware protection capabilities of Exchange Server, which scans internal messages for malware.

对于 exchange Online 客户和 Exchange Enterprise CAL 中包含的用于本地 Exchange 客户服务的 EOP,EOP 将扫描由该服务路由的入站和出站邮件,以及从组织中的发件人发送给组织中的收件人的内部邮件。For Exchange Online customers and the EOP that's included in Exchange Enterprise CAL with Services for on-premises Exchange customers, EOP scans inbound and outbound messages that are routed by the service, as well as internal messages sent from a sender in your organization to a recipient in your organization.

有关详细信息,请参阅 EOP 和反恶意软件保护常见问题解答中的反恶意软件保护For more information, see Anti-malware protection in EOP and Anti-malware protection FAQ.

自定义反恶意软件策略Customize anti-malware policies

可以为全公司范围设置配置默认策略。You can configure the default policy for company-wide settings. 为了更细致,您还可以创建自定义反恶意软件策略,并将其应用到组织中的指定用户、组或域。For greater granularity, you can also create custom anti-malware policies and apply them to specified users, groups, or domains in your organization. 虽然自定义策略的优先级始终高于默认策略,但可以更改自定义策略的优先级(即运行顺序)。Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. 有关详细信息,请参阅在 EOP 中配置反恶意软件策略For more information, see Configure anti-malware policies in EOP.

反垃圾邮件保护Anti-spam protection

EOP 使用专有反垃圾邮件技术帮助实现高准确率。EOP uses proprietary anti-spam technology to help achieve high accuracy rates. EOP 在所有入站邮件上提供强大的连接筛选和垃圾邮件筛选。EOP provides strong connection filtering and spam filtering on all inbound messages. 如果您使用出站垃圾邮件筛选来发送出站电子邮件,那么也将始终启用该服务,从而帮助保护使用此服务的组织及其目标收件人。Outbound spam filtering is also always enabled if you use the service for sending outbound email, thereby helping to protect organizations using the service and their intended recipients.

有关详细信息,请参阅 EOP 和反垃圾邮件保护常见问题解答中的反垃圾邮件保护For more information, see Anti-spam protection in EOP and Anti-spam protection FAQ.

自定义反垃圾邮件策略Customize anti-spam policies

垃圾邮件筛选功能将自动启用由 EOP 处理的所有入站和出站电子邮件。Spam filtering is automatically enabled for all inbound and outbound email messages that are processed by EOP. 您不能完全禁用垃圾邮件筛选,但您可以在默认的反垃圾邮件策略中修改特定的公司范围设置。You can't completely disable spam filtering, but you can modify specific company-wide settings in your default anti-spam policy. 为了更细致,您还可以创建自定义反垃圾邮件策略,并将其应用到组织中的特定用户、组或域。For greater granularity, you can also create custom anti-spam policies and apply them to specific users, groups, or domains in your organization. 虽然默认情况下自定义策略的优先级始终高于默认策略,但可以更改自定义策略的优先级(即运行顺序)。By default, custom policies take precedence over the default policy, but you can change the priority (running order) of your custom policies.

有关详细信息,请参阅下列主题:For more information, see the following topics:

重要

在 EOP 保护本地邮箱的混合部署中,需要在内部部署 Exchange 组织中配置两个邮件流规则(也称为传输规则),以检测添加到邮件中的 EOP 垃圾邮件筛选标头。In hybrid deployments where EOP protects on-premises mailboxes, you need to configure two mail flow rules (also known as transport rules) in your on-premises Exchange organization to detect the EOP spam filtering headers that are added to messages. 有关详细信息,请参阅在混合环境中将独立 EOP 配置为向“垃圾邮件”文件夹递送垃圾邮件For details, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments.

防欺骗保护Anti-spoofing protection

EOP 中的反欺骗技术专门检查邮件正文中的“发件人”标头(用于显示电子邮件客户端中的邮件发件人)。The anti-spoofing technology in EOP specifically examines forgery of the From header in the message body (used to display the message sender in email clients). 如果 EOP 高度确信“发件人”标头是伪造的,该邮件将被识别为欺骗邮件。When EOP has high confidence that the From header is forged, the message is identified as spoofed.

从 2018 年 10 月起,在 EOP 中提供防欺骗保护。As of October 2018, anti-spoofing protection is available in EOP. 在此之前,反欺骗保护仅在具有 Office 365 高级威胁防护(ATP)的组织中可用。Before then, anti-spoofing protection was only available in organizations with Office 365 Advanced Threat Protection (ATP).

有关详细信息,请参阅EOP 中的反欺骗保护For more information, see Anti-spoofing protection in EOP

隔离Quarantine

默认情况下,EOP 会将包含恶意软件的网络钓鱼邮件和邮件直接发送到隔离。By default, EOP sends phishing messages and messages that contain malware directly to quarantine. 垃圾邮件和批量邮件将发送到用户的垃圾邮件文件夹,除非管理员将反垃圾邮件策略配置为将这些邮件发送到隔离区。Spam and bulk mail is sent to the user's Junk Email folder, unless an admin configures an anti-spam policy to send these messages to quarantine instead. 根据隔离邮件的原因,管理员和最终用户可以查看和管理隔离中的邮件。Depending on why the message was quarantined, admins and end-users can view and manage messages in quarantine.

有关详细信息,请参阅EOP 中隔离的电子邮件For more information, see Quarantined email messages in EOP.

将邮件报告给 Microsoft 进行分析Report messages to Microsoft for analysis

通过提交功能,管理员和最终用户可以轻松地报告其认为被错误地归为垃圾邮件(误报)或因筛选器而错过的邮件(漏报)。The submission feature allows admins and end-users to easily report items that they believe were incorrectly classified as junk (false positives) or missed by the filters (false negatives). 根据分析结果的不同,我们可以调整筛选堆栈,以帮助减少垃圾邮件筛选出的或受服务允许的垃圾邮件的数量和影响。Depending on the results of the analysis, we can then adjust the filtering stack to help reduce the number and impact of junk email messages filtered or allowed by the service.

有关详细信息,请参见向 Microsoft 报告邮件和文件For more information, see Report messages and files to Microsoft.

功能可用性Feature availability

若要查看跨计划、独立选项和本地解决方案的功能可用性,请参阅Exchange Online Protection 服务说明To view feature availability across plans, standalone options, and on-premises solutions, see Exchange Online Protection service description.