Add OneNote File Extensions to the Exchange Online Malware Filter

Hi All,

I’ve heard about OneNote phishing in the last few months. That seems to be a new way of attack.

Sadly, I don’t know the exact details of that attack.

What came to my mind was to block OneNote Attachments in the Malware Filter.

Also, Microsoft wants to improve here according to the Microsoft 365 Roadmap.

I’ve checked the OneNote file Extensions on my Computer

Microsoft OneNote File Extensions according to thefile.org

Let’s go to work. List the malware filter policies in Exchange Online:

Connect-ExchangeOnline
Get-MalwareFilterPolicy | ft Name

Look at the details. As you can see, the extensions are stored in the FileTypes attribute (without a dot before the extension).

Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01

Let’s add the OneNote File Extensions

# Read the extensions currently blocked by the policy
$FileTypes = (Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01).FileTypes
$FileTypes.Count
# Add the OneNote extensions (no leading dot)
$FileTypes.Add("one")
$FileTypes.Add("onepkg")
$FileTypes.Add("onetoc")
$FileTypes.Add("pwi")
$FileTypes.Add("sig")
$FileTypes.Add("onecache")
$FileTypes.Add("onetmp")
# Write the extended list back to the policy
Set-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 -FileTypes $FileTypes

As you can see, the file types are now in the policy.
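A re-runnable variant of the steps above, as an added example that is not part of the original post: it normalises the extensions, adds only the missing ones, warns if the file filter is switched off, and then verifies the result. The helper name Merge-FileTypes is hypothetical; the policy name and extension list are taken from the post, and an existing Connect-ExchangeOnline session is assumed.

```powershell
# Added example (not the author's code). Assumes Connect-ExchangeOnline was already run.
$PolicyName = 'ICEWOLFMalwarefilterPolicy-01'   # policy name used in this post
$Wanted     = 'one','onepkg','onetoc','pwi','sig','onecache','onetmp'

function Merge-FileTypes {
    # Hypothetical helper: returns Current + Add, normalised and de-duplicated
    param([string[]]$Current, [string[]]$Add)
    $seen   = [System.Collections.Generic.HashSet[string]]::new()
    $result = [System.Collections.Generic.List[string]]::new()
    foreach ($entry in @($Current) + @($Add)) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        # FileTypes stores extensions without the dot; compare in lower case
        $ext = $entry.Trim().TrimStart('.').ToLowerInvariant()
        if ($seen.Add($ext)) { $result.Add($ext) }
    }
    return ,$result.ToArray()
}

$policy = Get-MalwareFilterPolicy -Identity $PolicyName

# The FileTypes list is only enforced when the common attachment filter is enabled
if (-not $policy.EnableFileFilter) {
    Write-Warning "EnableFileFilter is off on '$PolicyName'; the FileTypes list is not enforced."
}

$merged  = Merge-FileTypes -Current $policy.FileTypes -Add $Wanted
$missing = @($merged | Where-Object { $policy.FileTypes -notcontains $_ })

if ($missing.Count -gt 0) {
    Write-Host "Adding: $($missing -join ', ')"
    Set-MalwareFilterPolicy -Identity $PolicyName -FileTypes $merged
} else {
    Write-Host 'Nothing to add; the policy already contains all extensions.'
}

# Verify: read the policy back and report each wanted extension
$after = (Get-MalwareFilterPolicy -Identity $PolicyName).FileTypes
foreach ($ext in $Wanted) {
    [pscustomobject]@{ Extension = $ext; Blocked = ($after -contains $ext) }
}
```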

Regards
Andres Bohren