Anti-Malware Exceptions

Anti-Malware Allow-List

Administrators can exclude files from malware inspection so that the Anti-Malware engine always returns a clean verdict for them. You can use File MD5 hash or a Macro MD5 hash in an Anti-Malware Allow-List rule.

You can use Macro MD5 as an exception and prevent the Anti-Malware engine from detecting the file that contain a macro as malware.

Note - Macro MD5 Allow-List supports these file formats: DOC, DOCM, DOCX, DOTM, DOTX, POT, POTM, POTX, PPA, PPAM, PPS, PPSM, PPSX, PPT, PPTM, PPTX, XLAM, XLSB, XLSM, XLSX, XLTM, and XLTX.

You can add Anti-Malware Allow-List rule from any of these:

    1. Click Security Settings > Exceptions > Anti-Malware.

    2. In the drop-down from the top of the page, select the exception type as Allow-List.

    3. Click Create Allow-List.

    4. Enter the required File MD5 hash.

    5. If required, enter a comment for the Allow-List rule.

      Administrators can use the commented text to filter and find the Allow-Lists with a specific text from their comments.

    6. Click OK.

    1. Open the required attachment profile from the Security Events.

    2. Under Security Stack, select Create Allow-List for Anti-Malware.

    3. Select the Allow-List Type (File MD5 or Macro MD5).

      The File MD5 or the file's detected Macro MD5 will be displayed automatically.

      Notes:

      • Administrators can see the code of each Macro MD5 by selecting a specific Macro MD5.

      • You can add only one Macro in an Allow-List rule and the files containing the allow-listed macro will not be flagged as malicious.

    4. If required, enter a comment for the Allow-List rule.

      Administrators can use the commented text to filter and find the Allow-Lists with a specific text from their comments.

    5. Click OK.

Anti-Malware Block-List

Administrators can create Anti-Malware Block-List to mark any file type as malware. By adding a Block-List rule for a file type, the Anti-Malware engine automatically marks all matching file types as containing malware.

Note - For file types (PDF, EML, HTML) that support link identification, you can choose to block these files based on whether they contain links or not.

You can add Anti-Malware Block-List rule from any of these:

    1. Click Security Settings > Exceptions > Anti-Malware.

    2. In the drop-down from the top of the page, select the exception type as Block-List.

    3. Click Create Block-List.

    4. Enter the required File Type.

      Note - When you add multiple file types, each file type will be added as a separate exception.

    5. For the file types that support link identification (PDF, EML, and HTML), select one of these.

      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note - This option is available only for PDF, EML, and HTML file types.

    6. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    7. Click OK.

    1. Open the required attachment profile from the Security Events.

    2. Under Security Stack, click Create Block-List for Anti-Malware.

      The detected file type displays automatically.

    3. If required, add the required file types.

      Note - When you add multiple file types, each file type will be added as a separate exception.

    4. For the file types that support link identification (PDF, EML, and HTML), select one of these.

      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note - This option is available only for PDF, EML, and HTML file types.

    5. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    6. Click OK.

Password-Protected Attachments Allow-List

When a Password-Protected Attachment allow-list is detected for an email address or domain, the system ignores the Password-Protected Attachments workflow configured in the policy and delivers the attachment to the end-user.

  • Password detected: The system scans the attachments for malware and gives the verdict.

  • Password not detected: The system gives the verdict as allow-listed (clean) and delivers the attachment to the user.

To create a Password-Protected Attachments Allow-List:

  1. Click Security Settings > Exceptions > Anti-Malware.

  2. In the drop-down from the top of the page, select the exception type as Password-Protected Attachments.

  3. Click Create Allow-List.

  4. In the Email Address / Domain field, enter the email addresses or domains.

    If you enter multiple email addresses or domains, the system creates separate allow-list for each email address / domain.

  5. If required, enter a comment for the Allow-List rule.

  6. Click OK.