With the help of the Attachment Filtering protection module, you can filter attachments in your company mailboxes.
Attachment Filtering is a feature that scans files attached to email messages. This feature allows you to control external and internal file exchange within your Exchange Online. If Attachment Filtering is enabled, Kaspersky Security for Microsoft Office 365 scans messages for files that match the specified filtering criteria and applies the action that you predefine in the settings.
This option allows you to filter attached files according to the specified file formats.
To recognize the format of an attached file, the application analyzes the structure of the file. As a result, the specified file formats are detected even if the extension of an attached file does not match the actual type of the file (for example, if the extension has been changed intentionally).
By default, all file formats are disabled. To enable file formats:
Select the Detect files of the following formats check box.
This option allows you to filter attached Microsoft Office files that contain macros.
To determine whether an attached file contains a macro, the application analyzes the structure of the file. As a result, files with macros are detected even if the extension of an attached file does not match the actual type of the file (for example, if the extension has been changed intentionally).
By default, this option is disabled. To enable this option, select the Detect Microsoft Office files containing macros check box.
If the application detects an attached file matching the filtering criteria, the application removes this file only. The rest of the message remains unchanged in the user mailbox. A message copy containing the original attached file is placed in Quarantine. In this case, the removed attachment is replaced with a text file that informs the user about the action taken by the application.
The replacement file also contains the list of attachments matching the filtering criteria and those that were filtered out. If an attachment matching the filtering criteria is detected inside of an archive, the application applies the configured action to the whole archive.
Edit the template contents in the Message text field. For example, the text can include instructions or other information relevant to employees of your organization.
If you want to restore the default template, click the Reset button.
Notifications to mailbox owners are sent on behalf of the Security Service, which will be indicated in the From field of the corresponding email message. You cannot send a reply to this sender.
%FROM%. Message sender.
%TO%. Message recipients, including carbon copy ones.
%SUBJECT%. Message subject.
%FOLDER%. Mailbox folder where the message was detected.
%MSG_TIME%.The receipt date and time for incoming messages, the date and time when the message was sent for outgoing messages, and the draft creation date and time for drafts. The time zone specified in the application settings is applied.
%DETECTED_FILES%. List of files detected in the message attachment.
This option is available for the Delete and quarantine message action only.
Allowlist
In the Allowlist area, configure allowed senders and files to be skipped from processing.
This option allows you to configure allowed senders. These senders are considered trusted and messages from them are skipped from processing.
To configure allowed senders:
Select the Allow messages from the following senders check box.
Click the Select button.
The Sender allowlist window opens.
Click the Add sender button.
The Add a sender to the allowlist window opens.
In the Specify a complete email address or a mask entry field, provide an email address or several email addresses that should be added to the allowlist separated by semicolons or line breaks.
If you want to allow several senders at once, you can use masks. For instance, if you specify the *@example.com mask, the allowlist contains all email addresses from the @example.com domain. You can also copy and paste a list of email addresses / masks separated by semicolons or line breaks in the entry field.
Representation of a file name using wildcards. The standard wildcards used in file masks are * and ?, where * represents any number of any characters and ? stands for any single character.
Click Validate.
The provided email addresses / masks are displayed in the list.
If the email addresses / masks are entered incorrectly, they are displayed in the list in a red font, and you must introduce changes to save them.
Click Save to save the list of provided addresses / masks.
If you want to delete an email address / mask from the list:
Click the Delete () button next to the email address / mask.