Advance Threat protection - Safe Attachment
While Showcasing the ATP features to a client in a POC i noticed the following.
ATP - Safe Attachment rule is set as Replace - Block bad attachment and continue to deliver the mail. However the Mail is not delivered it is deleted completely.
Solution
Go to Exchange Admin Center > Protection > Malware Filter
By default the Malware Policy is set to delete the entire mail if something is found as malware in the mail or attachment.
Edit your Default policy.
2. Checked the recipient inbox. The mail was delivered without the attachment, instead there was a text file attached with the information that the attachment was removed as it was marked as Malware.
ATP - Safe Attachment rule is set as Replace - Block bad attachment and continue to deliver the mail. However the Mail is not delivered it is deleted completely.
Solution
Go to Exchange Admin Center > Protection > Malware Filter
By default the Malware Policy is set to delete the entire mail if something is found as malware in the mail or attachment.
Edit your Default policy.
1. Change the Default Setting to - Delete attachment and use default alert text or Custom Alert "depending on your requirement. In my case i had kept as default alert text.
2. You can also customize the Notification too.
3. You can also set the settings so that it will notifies the sender and sender for the undelivered of the Mail.
4. A notification about the same can be sent to the Admins too, you can use default or costume alert type too. (This will send a intimation to the admin that a user"XXX" had been sent a Bad mail.
Sample - notification mail to Admin.
After Making the changes i had sent a test mail and it was delivered with a notification. The Attachment was removed but the mail contents were as it is.
1. First did a message trace.
Comments
Post a Comment