MS365 – Exchange Online: File Extensions in the Malware Rule

Here I show you how to retrieve and adjust the file extensions currently blocked in the malware rule "POL_AntiMalware", and how to enable or disable the rule. These steps help you increase the security of your email environment by managing potentially dangerous attachments effectively.


1. Retrieving the currently blocked file extensions

To check which file extensions are currently blocked in the malware rule "POL_AntiMalware", use the following PowerShell command:

Get-MalwareFilterPolicy -Identity "POL_AntiMalware" | Select -Expand FileTypes

Explanation:

  • Get-MalwareFilterPolicy: Retrieves the settings of the specified malware filter policy.
  • -Identity "POL_AntiMalware": Specifies the policy to check.
  • Select -Expand FileTypes: Displays the list of blocked file extensions.

This list shows all file extensions that the rule currently blocks.

2. Adjusting the blocked file extensions

To change the list of blocked file extensions, use the following command:

Set-MalwareFilterPolicy -Identity "POL_AntiMalware" -FileTypes @("001","7z","ace","arj","bin","bz","bz2","bzip","bzip2","cab","cpio","deb","dmg","fat","gz","gzip","hfs","img","iso","lha","lzma","lz","lzh","mht","mime","ntfs","r00","r01","r02","r03","r04","r05","r06","r07","r08","r09","r10","r11","r12","r13","r14","r15","r16","r17","r18","r19","r20","r21","r22","r23","r24","r25","r26","r27","r28","r29","rev","rpm","smi","squashfs","swm","tar","taz","tbz","tbz2","tgz","tpz","txz","uu","uue","uuencode","vhd","webarchive","wim","xar","xxe","xz","z","asax","ashx","asp","bas","btm","cla","class","csh","ksh","mhtm","mhtml","pl","plg","ps1","ps1xml","ps2","ps2xml","psc1","psc2","sh","vb","wml","xbap","xdp","app","bat","cmd","com","dll","exe","jar","jnlp","js","jse","lnk","msi","msp","mst","ocx","pif","scr","tlb","url","vbe","vbs","ws","wsc","wsf","wsh","accde","ade","adp","cnv","dochtml","docm","docxml","dot","dothtml","dotm","dotx","dqy","fxp","iqy","mad","maf","mag","mam","maq","mar","mas","mat","mau","mav","maw","mda","mdb","mde","mdt","mdw","mdz","mpd","one","ops","osd","pot","potm","ppa","ppam","pps","ppsm","ppsx","pptm","pst","pub","pwz","sldm","slk","vbp","vsmacros","vss","vst","vsto","vsw","wbk","wiz","xla","xlam","xld","xlk","xll","xlsb","xlsm","xlt","xltm","xlw","xmls","xmlx","xnk","386","3gr","ani","application","appref-ms","appx","appxbundle","appxmanifest","blg","camp","cdmp","cer","chm","cnt","compositefont","cpl","crl","crt","der","drv","fon","gadget","grp","hlp","hpj","ht","hta","htt","hxs","igp","inf","ini","ins","isp","job","key","msc","msh","msh1","msh1xml","msh2","msh2xml","mshxml","pnf","prf","prg","reg","scf","sct","settingcontent-ms","shb","shs","sys","tmp","ttf","vxd","wbt") -EnableFileFilter $true -ZapEnabled $true

Explanation:

  • Set-MalwareFilterPolicy: Changes the settings of the specified malware filter policy.
  • -Identity "POL_AntiMalware": Specifies the policy to change.
  • -FileTypes @("…"): An array of the file extensions you want to block.
  • -EnableFileFilter $true: Enables the file type filter.
  • -ZapEnabled $true: Enables zero-hour auto purge (ZAP), the automatic removal of detected malware from mailboxes.

Note: Replace the file extensions in the list according to your requirements. The list given above is extensive and covers many potentially dangerous file types.
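
Because -FileTypes replaces the whole list rather than appending to it, an incremental change is safer when it starts from the current value. The following is an added example, not part of the original article: it backs up the existing list, merges additions and removals, shows the difference, and performs a dry run. It assumes an existing Connect-ExchangeOnline session; the values in $add and $remove, the backup path, and the helper ConvertTo-Extension are hypothetical.

```powershell
# Added example, not from the original article. Assumes an existing
# Connect-ExchangeOnline session (ExchangeOnlineManagement module).
$policy = "POL_AntiMalware"          # policy name used in the article
$add    = @("ISO", ".vhdx", "img")   # constructed sample input: extensions to block
$remove = @("ini", "tmp")            # constructed sample input: extensions to allow again
$backup = ".\POL_AntiMalware-FileTypes-backup.txt"   # hypothetical backup path

# Hypothetical helper: trim, strip a leading dot, lower-case, drop empty entries.
function ConvertTo-Extension([string[]]$Values) {
    $Values | ForEach-Object { $_.Trim().TrimStart('.').ToLowerInvariant() } |
        Where-Object { $_ }
}

# 1. Read the current list and save it so the change can be rolled back.
$current = @(Get-MalwareFilterPolicy -Identity $policy |
    Select-Object -ExpandProperty FileTypes)
$current | Set-Content -Path $backup -Encoding UTF8

# 2. Build the new list: current + additions - removals, de-duplicated and sorted.
$old       = @(ConvertTo-Extension $current)
$removeSet = @(ConvertTo-Extension $remove)
$new = @(ConvertTo-Extension ($current + $add) |
    Where-Object { $removeSet -notcontains $_ } |
    Sort-Object -Unique)

# 3. Show the difference before anything is written.
$new | Where-Object { $old -notcontains $_ } |
    ForEach-Object { "+ $_ (will be blocked)" }
$old | Where-Object { $new -notcontains $_ } |
    ForEach-Object { "- $_ (will no longer be blocked)" }

# 4. Dry run first; remove -WhatIf to apply the change.
Set-MalwareFilterPolicy -Identity $policy -FileTypes $new -EnableFileFilter $true -WhatIf

# Rollback, if needed (restores the saved list):
# Set-MalwareFilterPolicy -Identity $policy -FileTypes (Get-Content $backup) -EnableFileFilter $true
```

Every line prefixed with "-" in the output is an extension that mail will be allowed to carry again, so review those before removing -WhatIf.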


3. Enabling or disabling the malware rule

Enabling the rule:

Enable-MalwareFilterRule -Identity "POL_AntiMalware"

Disabling the rule:

Disable-MalwareFilterRule -Identity "POL_AntiMalware"
