How to: add any filetype to your anti-malware policy

It is easy to select some filetypes to block for inbound email in an Exchange Online anti-malware policy. But what if the filetype you want to block is not listed? In this post I will explain how to block it.

Cause

You have configured an anti-malware policy in Exchange Online and selected the filetypes that you want to block for inbound email. But while selecting filetypes, you notice that not every filetype you want to block is listed, such as a .dmg file for your Mac users or a .doc file that may contain a VB script.

Solution

The solution is PowerShell. You can only add those unwanted filetypes by connecting to Exchange Online PowerShell. In this case we will add and remove filetypes from the ‘default’ anti-malware policy. If you have a custom anti-malware policy, just replace ‘default’ with the name of your anti-malware policy.

First run:

Get-MalwareFilterPolicy -Identity Default | Select-Object -Expand FileTypes

This lists all the filetypes that you selected in the GUI. Notice that there is no dot before the filetypes. Do not add a dot when adding filetypes to the policy with PowerShell. The following command adds ‘dmg’ and ‘doc’ to the ‘default’ anti-malware policy.

$FileTypesAdd = Get-MalwareFilterPolicy -Identity Default | Select-Object -Expand FileTypes
$FileTypesAdd += "dmg","doc"
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $FileTypesAdd

Run again:

Get-MalwareFilterPolicy -Identity Default | Select-Object -Expand FileTypes

Now you see that ‘dmg’ and ‘doc’ are added to the anti-malware policy. From now on you can add any filetype.

Removing a filetype from the anti-malware policy also requires PowerShell. Run:

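# Read the policy and copy its filetypes into an editable list
$ft = Get-MalwareFilterPolicy -Identity Default
$a = [System.Collections.ArrayList]($ft.FileTypes)
# Show the current list; the first entry has index 0
$a
# Remove the entry at index 19, then write the list back
$a.RemoveAt(19)
Set-MalwareFilterPolicy -Identity Default -FileTypes $a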

The above script deletes the filetype with index number 19. To find the index number of each filetype, run again:

Get-MalwareFilterPolicy -Identity Default | Select-Object -Expand FileTypes

If you have 21 filetypes and you want to delete the filetype on line 20, you need to delete index number 19, because the first filetype in the list has the index number 0.

For example, if this is your output:

0:  msi
1:  fxp
2:  ace
3:  ani
4:  app
5:  docm
6:  exe
7:  jar
8:  reg
9:  scr
10: vbe
11: vbs
12: cer
13: com
14: crt
15: dll
16: ps1
19: vsmacros
20: dmg
21: doc

The first filetype ‘msi’ has the index number 0. From here you can delete any filetype by its index number.
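
Removing by index depends on counting correctly in a list that changes every time the policy is edited. As an added example (not code from the original post), the function below adds and removes filetypes by name instead; the name Update-BlockedFileType and its parameters are hypothetical, and it assumes an existing Exchange Online PowerShell session.

```powershell
# Added example: hypothetical helper, not code from the original post.
# Assumes you are already connected to Exchange Online PowerShell.
function Update-BlockedFileType {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]   $Identity = 'Default',  # policy name, as used in the post
        [string[]] $Add      = @(),
        [string[]] $Remove   = @()
    )

    # The policy stores extensions without a leading dot, so strip it.
    $clean     = { $_.Trim().TrimStart('.').ToLowerInvariant() }
    $addSet    = @($Add    | ForEach-Object $clean | Where-Object { $_ })
    $removeSet = @($Remove | ForEach-Object $clean | Where-Object { $_ })

    $policy  = Get-MalwareFilterPolicy -Identity $Identity
    $current = @($policy.FileTypes | Where-Object { $_ })

    # Typo guard: warn when asked to remove something that is not blocked.
    foreach ($r in $removeSet) {
        if ($current -notcontains $r) { Write-Warning "'$r' is not in policy '$Identity'." }
    }

    # Keep everything not removed, then append new entries without duplicates.
    $new = @($current | Where-Object { $removeSet -notcontains $_ })
    foreach ($a in $addSet) {
        if ($new -notcontains $a) { $new += $a }
    }

    if (($current -join ',') -eq ($new -join ',')) {
        Write-Verbose 'No change needed.'
        return $current
    }
    # Safety choice of this example: never write back an empty block list.
    if ($new.Count -eq 0) { throw 'Refusing to write an empty filetype list.' }

    # Only switch the file filter on when something is being added.
    $params = @{ Identity = $Identity; FileTypes = $new }
    if ($addSet.Count -gt 0) { $params.EnableFileFilter = $true }

    if ($PSCmdlet.ShouldProcess($Identity, "Set FileTypes to: $($new -join ', ')")) {
        Set-MalwareFilterPolicy @params
    }
    return $new
}

# Preview the change first, then run again without -WhatIf:
# Update-BlockedFileType -Add '.dmg', 'doc' -Remove 'vsmacros' -WhatIf
```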

