Anti-Malware Exceptions

Anti-Malware Allow-List

Administrators can exclude files from malware inspection so that the Anti-Malware engine always returns a clean verdict for them. You can use the following criteria to create an Anti-Malware Allow-List rule:

  • Sender Email

  • Sender Domain

  • File MD5/Macro MD5

  • File type

You can add Anti-Malware Allow-List rule from any of these:

    1. Click Security Settings > Exceptions > Anti-Malware.

    2. In the drop-down from the top of the page, select the exception type as Allow-List.

    3. Click Create Allow-List.

      The Create Anti-Malware Allow-List pop-up appears.

    4. To create an allow-list for the sender's email address or domain:

      1. In the Allow-List Type list, select Sender.

      2. In the Sender Email Address / Domain field, enter the email address or domain.

      Note - If you add multiple email addresses or domains, the system creates an allow list separately.

    5. To create an allow-list for file MD5 hash:

      1. In the Allow-List Type list, select File MD5.

      2. In the File MD5 field, enter the File MD5.

    6. To create an allow-list for the file type:

      1. In the Allow-List Type list, select File Type.

      2. In the File Type field, enter the file extension.

      Note - If you add multiple file types, the system creates an allow list separately.

      For certain file types such as PDF, you can choose to allow files only when they contain links. To do that, in the Links list, select the required option.

      • Allow always (with or without links)

      • Allow only if contains links

      • Allow only if does not contain links

    7. (Optional) In the Comment field, enter a comment for the Allow-List rule.

      Notes:

      • Administrators can view this comment on the Email page to understand the reason for allowing the email.

      • Administrators can also use the comment text to filter specific Allow-Lists.

    8. Click OK.

    1. Open the required attachment profile from the Security Events.

    2. Under Security Stack, select Create Allow-List for Anti-Malware.

      The Create Anti-Malware Allow-List pop-up appears.

    3. To create an allow-list for the sender's email address or domain:

      1. In the Allow-List Type list, select Sender.

      2. In the Sender Email Address / Domain field, enter the email address or domain.

      Note - If you add multiple email addresses or domains, the system creates an allow list separately.

    4. To create an allow-list for file MD5 hash or Macro MD5:

      • In the Allow-List Type list, select File MD5.

      The File MD5 or the file's detected Macro MD5 will be displayed automatically.

      Notes:

      • Administrators can see the code of each Macro MD5 by selecting a specific Macro MD5.

      • You can add only one Macro in an Allow-List rule and the files containing the allow-listed macro will not be flagged as malicious.

    5. To create an allow-list for the file type:

      1. In the Allow-List Type list, select File Type.

      2. In the File Type field, enter the file extension.

      Note - If you add multiple file types, the system creates an allow list separately.

      For certain file types such as PDF, you can choose to allow files only when they contain links. To do that, in the Links list, select the required option.

      • Allow always (with or without links)

      • Allow only if contains links

      • Allow only if does not contain links

    6. (Optional) In the Comment field, enter a comment for the Allow-List rule.

      Notes:

      • Administrators can view this comment on the Email page to understand the reason for allowing the email.

      • Administrators can also use the comment text to filter specific Allow-Lists.

    7. Click OK.

Note - Macro MD5 Allow-List supports these file formats: DOC, DOCM, DOCX, DOTM, DOTX, POT, POTM, POTX, PPA, PPAM, PPS, PPSM, PPSX, PPT, PPTM, PPTX, XLAM, XLS, XLSB, XLSM, XLSX, XLTM, and XLTX.

Anti-Malware Block-List

Administrators can create Anti-Malware Block-List to mark any file type as malware. By adding a Block-List rule for a file type, the Anti-Malware engine automatically marks all matching file types as containing malware.

Note - For file types (PDF, EML, HTML) that support link identification, you can choose to block these files based on whether they contain links or not.

You can add Anti-Malware Block-List rule from any of these:

    1. Click Security Settings > Exceptions > Anti-Malware.

    2. In the drop-down from the top of the page, select the exception type as Block-List.

    3. Click Create Block-List.

    4. Enter the required File Type.

      Note - When you add multiple file types, each file type will be added as a separate exception.

    5. For the file types that support link identification (PDF, EML, and HTML), select one of these.

      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note - This option is available only for PDF, EML, and HTML file types.

    6. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    7. Click OK.

    1. Open the required attachment profile from the Security Events.

    2. Under Security Stack, click Create Block-List for Anti-Malware.

      The detected file type displays automatically.

    3. If required, add the required file types.

      Note - When you add multiple file types, each file type will be added as a separate exception.

    4. For the file types that support link identification (PDF, EML, and HTML), select one of these.

      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note - This option is available only for PDF, EML, and HTML file types.

    5. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    6. Click OK.

Password-Protected Attachments Allow-List

When a Password-Protected Attachment allow-list is detected for an email address or domain, the system ignores the Password-Protected Attachments workflow configured in the policy and delivers the attachment to the end-user.

  • Password detected: The system scans the attachments for malware and gives the verdict.

  • Password not detected: The system gives the verdict as allow-listed (clean) and delivers the attachment to the user.

To create a Password-Protected Attachments Allow-List:

  1. Click Security Settings > Exceptions > Anti-Malware.

  2. In the drop-down from the top of the page, select the exception type as Password-Protected Attachments.

  3. Click Create Allow-List.

  4. In the Email Address / Domain field, enter the email addresses or domains.

    If you enter multiple email addresses or domains, the system creates separate allow-list for each email address / domain.

  5. If required, enter a comment for the Allow-List rule.

  6. Click OK.