Anti-Malware Exceptions

Anti-Malware Allow-List

Administrators can exclude files from malware inspection so that the Anti-Malware engine always returns a clean verdict for them. You can use File MD5 hash or a Macro MD5 hash in an Anti-Malware Allow-List rule.

You can add Anti-Malware Allow-List rule from any of these:

• From the Anti-Malware Allow-List

  1. Click Security Settings > Exceptions > Anti-Malware.

  2. In the drop-down from the top of the page, select the exception type as Allow-List.

  3. Click Create Allow-List.

  4. Enter the required File MD5 hash.

  5. If required, enter a comment for the Allow-List rule.

     Administrators can use the commented text to filter and find the Allow-Lists with a specific text from their comments.

  6. Click OK.

• From the Entity Profile page

  1. Open the required attachment profile from the Security Events.

  2. Under Security Stack, select Create Allow-List for Anti-Malware.

  3. Select the Allow-List Type (File MD5 or Macro MD5).

     The File MD5 or the file's detected Macro MD5 will be displayed automatically.

     Notes: Administrators can see the code of each Macro MD5 by selecting a specific Macro MD5. You can add only one Macro in an Allow-List rule and the files containing the allow-listed macro will not be flagged as malicious.

  4. If required, enter a comment for the Allow-List rule.

     Administrators can use the commented text to filter and find the Allow-Lists with a specific text from their comments.

  5. Click OK.

Note - Macro MD5 Allow-List supports these file formats: DOC, DOCM, DOCX, DOTM, DOTX, POT, POTM, POTX, PPA, PPAM, PPS, PPSM, PPSX, PPT, PPTM, PPTX, XLAM, XLS, XLSB, XLSM, XLSX, XLTM, and XLTX.

Anti-Malware Block-List

Administrators can create Anti-Malware Block-List to mark any file type as malware. By adding a Block-List rule for a file type, the Anti-Malware engine automatically marks all matching file types as containing malware.

Note - For file types (PDF, EML, HTML) that support link identification, you can choose to block these files based on whether they contain links or not.

You can add Anti-Malware Block-List rule from any of these:

• From the Anti-Malware Block-List

  1. Click Security Settings > Exceptions > Anti-Malware.

  2. In the drop-down from the top of the page, select the exception type as Block-List.

  3. Click Create Block-List.

  4. Enter the required File Type.

     Note - When you add multiple file types, each file type will be added as a separate exception.

  5. For the file types that support link identification (PDF, EML, and HTML), select one of these.

     • Block always (with or without links)

     • Block only if contains links

     • Block only if does not contain links

     Note - This option is available only for PDF, EML, and HTML file types.

  6. If required, enter a comment for the Block-List rule.

     Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

  7. Click OK.

• From the Entity Profile page

  1. Open the required attachment profile from the Security Events.

  2. Under Security Stack, click Create Block-List for Anti-Malware.

     The detected file type displays automatically.

  3. If required, add the required file types.

     Note - When you add multiple file types, each file type will be added as a separate exception.

  4. For the file types that support link identification (PDF, EML, and HTML), select one of these.

     • Block always (with or without links)

     • Block only if contains links

     • Block only if does not contain links

     Note - This option is available only for PDF, EML, and HTML file types.

  5. If required, enter a comment for the Block-List rule.

     Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

  6. Click OK.

Password-Protected Attachments Allow-List

When a Password-Protected Attachment allow-list is detected for an email address or domain, the system ignores the Password-Protected Attachments workflow configured in the policy and delivers the attachment to the end-user.

• Password detected: The system scans the attachments for malware and gives the verdict.

• Password not detected: The system gives the verdict as allow-listed (clean) and delivers the attachment to the user.

To create a Password-Protected Attachments Allow-List:

1. Click Security Settings > Exceptions > Anti-Malware.

2. In the drop-down from the top of the page, select the exception type as Password-Protected Attachments.

3. Click Create Allow-List.

   

4. In the Email Address / Domain field, enter the email addresses or domains.

   If you enter multiple email addresses or domains, the system creates separate allow-list for each email address / domain.

5. If required, enter a comment for the Allow-List rule.

6. Click OK.