You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Action parameter specifies the action to take when malware is detected in a message. Valid values are:
91
91
92
-
- DeleteMessage: Deletes the message. This is the default value.
92
+
- DeleteMessage: Handles the message without notifying the recipients. This is the default value. In Exchange Server, the message is deleted. In the cloud-based service, the message is quarantined.
93
93
94
-
- DeleteAttachmentAndUseDefaultAlert: Delivers the message, but replaces the message contents with the default alert text.
94
+
- DeleteAttachmentAndUseDefaultAlert: Delivers the message, but replaces the malware attachment with a file named Malware Alert Text.txt that contains the default alert text. In the cloud-based service, the message with the original attachment is also quarantined.
95
95
96
-
- DeleteAttachmentAndUseCustomAlert: Delivers the message, but replaces the message contents with the custom alert text specified by the AlertText parameter.
97
-
98
-
Note: For Exchange Online Protection, any of these actions result in the message being delivered. Attachments that contain malware are quarantined. For more information about quarantined messages, see https://docs.microsoft.com/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files.
96
+
- DeleteAttachmentAndUseCustomAlert: Delivers the message, but replaces the malware attachment with a file named Malware Alert Text.txt that contains the custom alert text specified by the CustomAlertText parameter. In the cloud-based service, the message with the original attachment is also quarantined.
This parameter is available only in on-premises Exchange.
131
129
132
-
The BypassInboundMessages parameter skips or enforces malware scanning on incoming messages. Valid input for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on incoming messages by default.
130
+
The BypassInboundMessages parameter enables or disables malware filtering on incoming messages (messages entering the organization). Valid values are:
131
+
132
+
- $true: Malware filtering is disabled on inbound messages.
133
+
134
+
- $false: Malware filtering is enabled on inbound messages. This is the default value.
This parameter is available only in on-premises Exchange.
149
151
150
-
The BypassOutboundMessages parameter skips or enforces malware scanning on outgoing messages. Valid input for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on outgoing messages by default.
152
+
The BypassOutboundMessages parameter enables or disables malware filtering on outgoing messages (messages leaving the organization). Valid values are:
153
+
154
+
- $true: Malware filtering is disabled on outbound messages.
155
+
156
+
- $false: Malware filtering is enabled on outbound messages. This is the default value.
The CustomAlertText parameter specifies the custom alert text to insert in the message when malware is detected and the value of the Action parameter is set to ReplaceWithCustomAlert. This parameter is required when the CustomNotifications parameter is set to $true.
192
+
The CustomAlertText parameter specifies the custom text to use in the replacement attachment named Malware Alert Text.txt. If the value contains spaces, enclose the value in quotation marks (").
193
+
194
+
This parameter is only meaningful when the Action parameter value is ReplaceWithCustomAlert.
The CustomExternalBody parameter specifies the body of the custom notification message that's sent to an external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
210
+
The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks (").
211
+
212
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomExternalSubject parameter specifies the subject of the custom notification message that's sent to an external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
232
+
The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks (").
233
+
234
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomFromAddress parameter specifies the From address of the custom notification message that's sent to an internal or external sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
254
+
The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders.
255
+
256
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomExternalFromName parameter specifies the From name of the custom notification message that's sent to internal or external senders when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
280
+
The CustomFromName parameter specifies the From name of the custom notification message for malware detections in messages from internal or external senders. If the value contains spaces, enclose the value in quotation marks (").
281
+
282
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomInternalBody parameter specifies the body of the custom notification message that's sent to an internal sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
306
+
The CustomInternalBody parameter specifies the body of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks (").
307
+
308
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomInternalSubject parameter specifies the subject of the custom notification message that's sent to an internal sender when a message contains malware. This parameter is required when the CustomNotifications parameter is set to $true.
328
+
The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks (").
329
+
330
+
This parameter is only meaningful when the CustomNotifications parameter value is $true, and at least one of the following parameter values is also $true:
The CustomNotifications parameter enables or disables the custom notification message to the sender when the message contains malware. Valid input for this parameter is $true or $false. The default value is $false.
350
+
The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are:
299
351
300
-
If you enable custom notification messages by setting this parameter to $true, you specify the details of the custom notification message using the CustomFromAddress,CustomFromName, CustomExternalSubject, CustomExternalBody, CustomInternalSubject and CustomInternalBody parameters.
352
+
- $true: When malware is detected in a message, a custom notification message is sent to the message sender. You specify the details of message using the CustomFromAddress, CustomFromName, CustomExternalSubject, CustomExternalBody, CustomInternalSubject and CustomInternalBody parameters.
353
+
354
+
- $false: Custom notifications to the original message sender are disabled. This is the default value. Default notification messages are sent if the EnableExternalSenderNotifications and EnableInternalSenderNotifications parameters are set to $true.
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to an administrator when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The default value is $false.
388
+
The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are:
389
+
390
+
- $true: When malware is detected in messages from external senders, send notification messages to the email address that's specified by the ExternalSenderAdminAddress parameter. You can customize the notification message using the CustomFromAddress, CustomFromName, CustomExternalBody, and CustomExternalSubject parameters.
335
391
336
-
Specify the administrator to receive the notification messages by using the ExternalSenderAdminAddress parameter.
392
+
- $false: When malware is detected in messages from external senders, don't send administrator notifications. This is the default value.
The EnableExternalSenderNotifications parameter enables or disables sending notification messages to senders when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The default value is $false.
408
+
The EnableExternalSenderNotifications parameter enables or disables notification messages for malware detections in messages from external senders. Valid values are:
409
+
410
+
- $true: When malware is detected in a message from an external sender, send them a notification message. You can customize the notification message using the CustomFromAddress, CustomFromName, CustomExternalBody, and CustomExternalSubject parameters.
411
+
412
+
- $false: Don't send malware detection notification messages to external message senders. This is the default value.
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to an administrator when malware is detected in messages from internal senders. Valid input for this parameter is $true or $false. The default value is $false.
448
+
The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are:
391
449
392
-
Specify the administrator to receive the notification messages by using the InternalSenderAdminAddress parameter.
450
+
- $true: When malware is detected in messages from internal senders, send notification messages to the email address that's specified by the InternalSenderAdminAddress parameter. You can customize the notification message using the CustomFromAddress, CustomFromName, CustomInternalBody, and CustomInternalSubject parameters.
451
+
452
+
- $false: When malware is detected in messages from internal senders, don't send administrator notifications. This is the default value.
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to senders when malware is detected in messages from internal senders. Valid input for this parameter is $true or $false. The default value is $false.
468
+
The EnableInternalSenderNotifications parameter enables or disables notification messages for malware detections in messages from internal senders. Valid values are:
469
+
470
+
- $true: When malware is detected in a message from an internal sender, send them a notification message. You can customize the notification message using the CustomFromAddress, CustomFromName, CustomInternalBody, and CustomInternalSubject parameters.
471
+
472
+
- $false: Don't send malware detection notification messages to internal message senders. This is the default value.
The FileTypes parameter specifies the file types that are blocked by common attachment blocking. The default values are:
504
+
The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content. The default values are:
441
505
442
-
- ace
506
+
- .ace
443
507
444
-
- ani
508
+
- .ani
445
509
446
-
- app
510
+
- .app
447
511
448
-
- docm
512
+
- .docm
449
513
450
-
- exe
514
+
- .exe
451
515
452
-
- jar
516
+
- .jar
453
517
454
-
- reg
518
+
- .reg
455
519
456
-
- scr
520
+
- .scr
457
521
458
-
- vbe
522
+
- .vbe
459
523
460
-
- vbs
524
+
- .vbs
461
525
462
526
You enable or disable common attachment blocking by using the EnableFileFilter parameter.
463
527
464
-
Common attachment blocking uses best effort true-typing to detect the file type regardless of the file name extension. If true-typing fails or isn't supported for the specified file type, then extension matching is used. For example, ps1 files are Windows PowerShell scripts, but their true type is text.
528
+
Common attachment blocking uses best effort true-typing to detect the file type regardless of the file name extension. If true-typing fails or isn't supported for the specified file type, then extension matching is used. For example, .ps1 files are Windows PowerShell scripts, but their true type is text.
465
529
466
530
To replace the existing list of file types with the values you specify, use the syntax \<FileType1\>,\<FileType2\>,...\<FileTypeN\>. To preserve existing values, be sure to include the file types that you want to keep along with the new values that you want to add.
The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notifications messages when messages from external senders contain malware. Notification messages are sent to the specified email address only if the EnableInternalSenderAdminNotifications parameter is set to $true.
548
+
The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from internal senders.
549
+
550
+
This parameter is only meaningful if the EnableInternalSenderAdminNotifications parameter value is $true.
0 commit comments