Exchange Online Protection Common Attachment Filter Update
Hallo zusammen,
Microsoft hat im M365 Defender Portal das GUI für die Antimalware File Types überarbeitet.
Bisher waren nur folgende 13 File Extensions im Common Attachment Filter vorhanden.
- ace
- ani
- app
- cab
- docm
- exe
- iso
- jar
- jnlp
- reg
- scr
- vbe
- vbs
Direktlink https://security.microsoft.com/antimalwarev2
Neu sind bis zu 96 Extensions in einer Liste auswählbar.
Get-MalwareFilterPolicy -Identity <Identity> | select -ExpandProperty FileTypes | measure
Get-MalwareFilterPolicy -Identity <Identity> | select -ExpandProperty FileTypes
Nun sind folgende 96 Extensions auswählbar
- ace
- ani
- app
- docm
- exe
- jar
- reg
- scr
- vbe
- vbs
- ade
- adp
- asp
- bas
- bat
- cer
- chm
- cmd
- com
- cpl
- crt
- csh
- der
- dll
- dos
- fxp
- gadget
- hlp
- Hta
- Inf
- Ins
- Isp
- Its
- js
- Jse
- Ksh
- Lnk
- mad
- maf
- mag
- mam
- maq
- mar
- mas
- mat
- mau
- mav
- maw
- mda
- mdb
- mde
- mdt
- mdw
- mdz
- msc
- msh
- msh1
- msh1xml
- msh2
- msh2xml
- mshxml
- msi
- msp
- mst
- obj
- ops
- os2
- pcd
- pif
- plg
- prf
- prg
- ps1
- ps1xml
- ps2
- ps2xml
- psc1
- psc2
- pst
- rar
- scf
- sct
- shb
- shs
- tmp
- url
- vb
- vsmacros
- vsw
- vxd
- w16
- ws
- wsc
- wsf
- wsh
- xnk
Oder man kann die Liste auf 159 erweitern. Ich habe mir die Erweiterungen aus folgenden Quellen zusammengetragen
| URL (Quellen) | Beschreibung |
|---|---|
| https://support.microsoft.com/en-us/office/blocked-attachments-in-outlook-434752e1-02d3-4e90-9124-8b81e49a8519?ui=en-us&rs=en-us&ad=us | Vom Office Fat Client blockierte Dateiendungen |
| https://docs.microsoft.com/en-us/deployoffice/compat/office-file-format-reference | Zusätzliche Office Files mit Makros |
| https://www.helpnetsecurity.com/2019/09/30/outlook-blocked-extensions/ | Weitere Dateiendungen welche in OWA blockiert werden |
Set-MalwareFilterPolicy -Identity Default -FileTypes @("ace","ani","app","docm","exe","jar","reg","scr","vbe","vbs","ade","adp","asp","bas","bat","cer","chm","cmd","com","cpl","crt","csh","der","dll","dos","fxp","gadget","hlp","Hta","Inf","Ins","Isp","Its","js","Jse","Ksh","Lnk","mad","maf","mag","mam","maq","mar","mas","mat","mau","mav","maw","mda","mdb","mde","mdt","mdw","mdz","msc","msh","msh1","msh1xml","msh2","msh2xml","mshxml","msi","msp","mst","obj","ops","os2","pcd","pif","plg","prf","prg","ps1","ps1xml","ps2","ps2xml","psc1","psc2","pst","rar","scf","sct","shb","shs","tmp","url","vb","vsmacros","vsw","vxd","w16","ws","wsc","wsf","wsh","xnk","appcontent-ms","appref-ms","aspx","arj","asx","cdxml","cnt","diagcab","dotm","grp","hpj","hta","htc","img","inf","ins","iso","isp","its","jnlp","jse","ksh","lnk","lzh","mcf","msu","osd","pl","potm","ppsm","pptm","printerexport","psd1","psdm1","pssc","py","pyc","pyo","pyw","pyz","pyzw","r25","r18","r14","r01","settingcontent-ms","tar","theme","udl","vbp","vhd","vhdx","webpnp","website","wsb","xbap","xlam","xll","xlm","xlsm","xltm","xlw","xps") -EnableFileFilter $true -ZapEnabled $true
Blockieren Sie wenn möglich Dateitypen gemäss dieser Liste des National Cyber Security Centre (NCSC):
Schaut euch die Liste aber vorher genau an. Hier das Command um diesen Filter anzuwenden
Set-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 -FileTypes @("001","7z","ace","arj","bin","bz","bz2","bzip","bzip2","cab","cpio","deb","dmg","fat","gz","gzip","hfs","img","iso","lha","lzma","lz","lzh","mht","mime","ntfs","r00","r01","r02","r03","r04","r05","r06","r07","r08","r09","r10","r11","r12","r13","r14","r15","r16","r17","r18","r19","r20","r21","r22","r23","r24","r25","r26","r27","r28","r29","rev","rpm","smi","squashfs","swm","tar","taz","tbz","tbz2","tgz","tpz","txz","uu","uue","uuencode","vhd","webarchive","wim","xar","xxe","xz","z","asax","ashx","asp","bas","btm","cla","class","csh","ksh","mhtm","mhtml","pl","plg","ps1","ps1xml","ps2","ps2xml","psc1","psc2","sh","vb","wml","xbap","xdp","app","bat","cmd","com","dll","exe","jar","jnlp","js","jse","lnk","msi","msp","mst","ocx","pif","scr","tlb","url","vbe","vbs","ws","wsc","wsf","wsh","accde","ade","adp","cnv","dochtml","docm","docxml","dot","dothtml","dotm","dotx","dqy","fxp","iqy","mad","maf","mag","mam","maq","mar","mas","mat","mau","mav","maw","mda","mdb","mde","mdt","mdw","mdz","mpd","one","ops","osd","pot","potm","ppa","ppam","pps","ppsm","ppsx","pptm","pst","pub","pwz","sldm","slk","vbp","vsmacros","vss","vst","vsto","vsw","wbk","wiz","xla","xlam","xld","xlk","xll","xlm","xlsb","xlsm","xlt","xltm","xlw","xmls","xmlx","xnk","386","3gr","ani","application","appref-ms","appx","appxbundle","appxmanifest","blg","camp","cdmp","cer","chm","cnt","compositefont","cpl","crl","crt","der","drv","fon","gadget","grp","hlp","hpj","ht","hta","htt","hxs","igp","inf","ini","ins","isp","job","key","msc","msh","msh1","msh1xml","msh2","msh2xml","mshxml","pnf","prf","prg","reg","scf","sct","settingcontent-ms","shb","shs","sys","tmp","ttf","vxd","wbt") -EnableFileFilter $true -ZapEnabled $true
Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 | select -ExpandProperty FileTypes | Measure
Liebe Grüsse
Andres Bohren
