Introduction
Malware filtering comes into play after connection filtering, as the second line of defense.
Exchange Online Protection (EOP) provides built-in malware and spam filtering that helps protect inbound and outbound messages from malicious software and helps protect your network from spam transferred through email.
Admins do not need to set up or maintain these filtering technologies; they are enabled by default.
However, admins can make company-specific filtering customizations.
Please note:
- By December 1, 2020, the malware filter experience will be removed from the Exchange admin center (EAC). Please get more practice with the SCC (Security and Compliance Center): https://protection.office.com/antimalwarev2
Malware types
Malware is categorized into:
- Viruses: infect other programs and data, and spread through your computer or network looking for more programs to infect.
- Spyware: gathers your personal information, such as sign-in information and personal data, and sends it back to its author.
- Ransomware: encrypts your data and demands payment to decrypt it. Anti-malware software doesn’t help you decrypt encrypted files, but it can detect and remove the malware that’s associated with the ransomware.
Anti-Malware Options
EOP offers multi-layered malware protection that’s designed to catch all known malware traveling into or out of your organization.
The following options help provide anti-malware protection:
Layered defenses against malware:
- Multiple anti-malware scan engines help protect against both known and unknown threats.
- These engines include powerful heuristic detection to provide protection even during the early stages of a malware outbreak.
- This multi-engine approach has been shown to provide significantly more protection than using just one anti-malware engine.
Real-time threat response:
- During some outbreaks, the anti-malware team may have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat even before a definition is available from any of the scan engines used by the service.
- These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks.
Fast anti-malware definition deployment:
- The anti-malware team maintains close relationships with partners who develop anti-malware engines.
- As a result, the service can receive and integrate malware definitions and patches before they’re publicly released.
What to configure in Malware Filtering
As mentioned previously (please refer back to the first article on EOP), users with the following roles can configure EOP policies:
- Global admin
- Exchange admin
- Security admin
Admins can view, edit, and configure (but not delete) the default anti-malware policy to meet the needs of their organization.
Admins can also create custom anti-malware policies that apply to specific users, groups, or domains in your organization.
Custom policies always take precedence over the default policy, but you can change the priority of your custom policies relative to each other.
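The following PowerShell session is an added example, not code from the original post or from Microsoft documentation; it shows the same configuration steps (inspect and tune the default policy, create a custom policy scoped by a rule, and adjust rule priority) using the Exchange Online PowerShell cmdlets, and it also covers the suspect attachment types mentioned in the conclusion (.exe, .bat). It assumes the ExchangeOnlineManagement module is installed and that the signed-in account holds one of the roles listed above. The admin UPN, the finance group address and the secops notification address are placeholders.

```powershell
# Added example (not from the original post): managing EOP anti-malware
# policies with Exchange Online PowerShell.
# Assumptions: ExchangeOnlineManagement module installed; the account holds
# the Exchange admin or Security admin role; all addresses below are placeholders.

Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# 1. Inspect the default policy. It can be edited but never deleted.
Get-MalwareFilterPolicy -Identity Default |
    Format-List Name, IsDefault, EnableFileFilter, FileTypes, ZapEnabled

# 2. Tighten the default policy: turn on the common attachment types filter and
#    make sure .exe and .bat are in the blocked list (on top of whatever is
#    already there).
$default = Get-MalwareFilterPolicy -Identity Default
$types   = @($default.FileTypes) + @('exe', 'bat') | Select-Object -Unique
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $types

# 3. Create a custom policy for the finance team. Besides the attachment filter,
#    it notifies the security mailbox whenever an internal sender's message is
#    detected as malware, which is the admin notification the post refers to.
New-MalwareFilterPolicy -Name 'Finance Malware Policy' `
    -EnableFileFilter $true `
    -FileTypes $types `
    -ZapEnabled $true `
    -EnableInternalSenderAdminNotifications $true `
    -InternalSenderAdminAddress 'secops@contoso.example'

# 4. A custom policy only applies once a rule scopes it to recipients.
#    Priority 0 is evaluated first; any matching rule wins over the default policy.
New-MalwareFilterRule -Name 'Finance Malware Rule' `
    -MalwareFilterPolicy 'Finance Malware Policy' `
    -SentToMemberOf 'finance@contoso.example' `
    -Priority 0

# 5. Changing precedence between custom policies later is a rule change,
#    not a policy change (lower number = evaluated earlier).
Set-MalwareFilterRule -Identity 'Finance Malware Rule' -Priority 1

# 6. Review the effective evaluation order of all custom policies.
Get-MalwareFilterRule | Sort-Object Priority |
    Format-Table Name, Priority, MalwareFilterPolicy, State

Disconnect-ExchangeOnline -Confirm:$false
```

Two points worth checking after running this: `Get-MalwareFilterRule` only lists custom policies, because the default policy has no rule and is simply the fallback when nothing else matches, and the `State` column tells you whether a rule is actually enabled, since a disabled rule leaves its policy in place but never applied.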
Conclusion
Malware filtering is the second line of defense in EOP, after connection filtering.
Microsoft is moving the configuration of malware filtering to the SCC (Security and Compliance Center).
The default anti-malware policy and custom policies let admins set how to handle email that contains malware, including messages with infected attachments, and how to notify admins and other users about detected malware.
We can also configure suspect attachment types such as .exe, .bat and so on.