Anti-Malware Exceptions
Anti-Malware Allow-List
Administrators can exclude files from malware inspection so that the Anti-Malware engine always returns a clean verdict for them. You can use the following criteria to create an Anti-Malware Allow-List rule:
-
Sender Email
-
Sender Domain
-
File MD5/Macro MD5
-
File type
You can add Anti-Malware Allow-List rule from any of these:
-
From the Anti-Malware Allow-List
- Click Security Settings > Exceptions > Anti-Malware.
- In the drop-down from the top of the page, select the exception type as Allow-List.
-
Click Create Allow-List.
The Create Anti-Malware Allow-List pop-up appears.
-
To create an allow-list for the sender's email address or domain:
In the Allow-List Type list, select Sender.
In the Sender Email Address / Domain field, enter the email address or domain.
Note:If you add multiple email addresses or domains, the system creates an allow list separately.
-
To create an allow-list for file MD5 hash:
In the Allow-List Type list, select File MD5.
In the File MD5 field, enter the File MD5.
-
To create an allow-list for the file type:
In the Allow-List Type list, select File Type.
In the File Type field, enter the file extension.
Note:If you add multiple file types, the system creates an allow list separately.
For certain file types such as PDF, you can choose to allow files only when they contain links. To do that, in the Links list, select the required option.
-
Allow always (with or without links)
-
Allow only if contains links
-
Allow only if does not contain links
-
(Optional) In the Comment field, enter a comment for the Allow-List rule.
Note:
Notes:
-
Administrators can view this comment on the Email page to understand the reason for allowing the email.
-
Administrators can also use the comment text to filter specific Allow-Lists.
-
- Click OK.
-
From the Entity Profile page
- Open the required attachment profile from the Security Events.
-
Under Security Stack, select Create Allow-List for Anti-Malware.
The Create Anti-Malware Allow-List pop-up appears.
-
To create an allow-list for the sender's email address or domain:
In the Allow-List Type list, select Sender.
In the Sender Email Address / Domain field, enter the email address or domain.
Note:If you add multiple email addresses or domains, the system creates an allow list separately.
-
To create an allow-list for file MD5 hash or Macro MD5:
-
In the Allow-List Type list, select File MD5.
The File MD5 or the file's detected Macro MD5 will be displayed automatically.
Note:Notes:
-
Administrators can see the code of each Macro MD5 by selecting a specific Macro MD5.
-
You can add only one Macro in an Allow-List rule and the files containing the allow-listed macro will not be flagged as malicious.
-
-
To create an allow-list for the file type:
In the Allow-List Type list, select File Type.
In the File Type field, enter the file extension.
Note:If you add multiple file types, the system creates an allow list separately.
For certain file types such as PDF, you can choose to allow files only when they contain links. To do that, in the Links list, select the required option.
-
Allow always (with or without links)
-
Allow only if contains links
-
Allow only if does not contain links
-
(Optional) In the Comment field, enter a comment for the Allow-List rule.
Note:
Notes:
-
Administrators can view this comment on the Email page to understand the reason for allowing the email.
-
Administrators can also use the comment text to filter specific Allow-Lists.
-
-
Click OK.
Note:
Administrators can view this comment on the Email page to understand the reason for allowing the email.