MC379408 – (Updated) Exchange Online-Updates to the file type list in the common attachment filter (archived)

Microsoft Exchange Logo

check before: 2022-05-27

Product:

Defender, Defender for Office 365, Exchange, Microsoft 365 Defender, Microsoft 365 suite, Microsoft Defender for Office 365

Platform:

Germany, Online, US Instances, Web, World tenant

Status:

In development

Change type:

Admin impact, Feature update, Updated message

Links:

85611

Details:

Updated July 05, 2022: We have updated the rollout timeline below and provided additional details. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy: The current list of the selection will be retained and appended with the new file types being added as part of default selection. As a result, the list of file selections in the default policy will be expanded while retaining all of the existing selection. There will be no changes to any of the other settings (like zap, admin notification configuration etc). The only change which will happen to the default policy is the expansion of the selection.
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting mid-July (previously early July) and completion of deployment by mid-August (previously late July)

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2022-05-13

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2022-09-15MC prepareReview existing anti-malware policies and add the recommended file types to the block list. Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs. Review the following resources below to learn more:

Anti-malware policy
Anti-malware policy protection FAQ
Current list of file types in pre-populated list
Current list of default file type selection


The list of file types:
7z, 7zip,
a, accdb, accde,ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi,
bat, bin, bundle, bz, bz2, bzip2,
cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css,
deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib,
elf, exe,
font,
gz, gzip,
hlp, hta, htm, html,
img, imp, inf, ins, ipa, iso, isp, its,
jar, jnlp, js, jse,
kext, ksh,
lha, lib, library, lnk, lqy, lzh,
macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht,
mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst,
o, obj, odp, ods, odt, one, onenote, ops,
package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf,
prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py,
rar, reg, rev, rpm, rtf,
scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys,
tar, tarz, terminal, tgz, tool,
uif, url,
vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd,
workflow, ws, wsc, wsf, wsh,
xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz,
z, zi, zip, zipx,


The default selection from the above file type list is:
ace, apk, app, appx, ani, arj,
bat,
cab, cmd,com,
deb, dex, dll, docm,
elf, exe,
hta,
img, iso,
jar, jnlp,
kext,
lha, lib, library, lnk, lzh
macho, msc, msi, msix, msp, mst
pif, ppa, ppam,
reg, rev,
scf, scr, sct, sys,
uif,
vb, vbe, vbs, vxd
wsc, wsf, wsh
xll, xz
z
ps://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection#anti-malware-polici
ps://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-world
ps://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=856
Review existing anti-malware policies and add the recommended file types to the block list. Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs. Review the following resources below to learn more:

Anti-malware policy
Anti-malware policy protection FAQ
Current list of file types in pre-populated list
Current list of default file type selection


The list of file types:
7z, 7zip,
a, accdb, accde,ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi,
bat, bin, bundle, bz, bz2, bzip2,
cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css,
deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib,
elf, exe,
font,
gz, gzip,
hlp, hta, htm, html,
img, imp, inf, ins, ipa, iso, isp, its,
jar, jnlp, js, jse,
kext, ksh,
lha, lib, library, lnk, lqy, lzh,
macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht,
mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst,
o, obj, odp, ods, odt, one, onenote, ops,
package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf,
prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py,
rar, reg, rev, rpm, rtf,
scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys,
tar, tarz, terminal, tgz, tool,
uif, url,
vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd,
workflow, ws, wsc, wsf, wsh,
xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz,
z, zi, zip, zipx,


The default selection from the above file type list is:
ace, apk, app, appx, ani, arj,
bat,
cab, cmd,com,
deb, dex, dll, docm,
elf, exe,
hta,
img, iso,
jar, jnlp,
kext,
lha, lib, library, lnk, lzh
macho, msc, msi, msix, msp, mst
pif, ppa, ppam,
reg, rev,
scf, scr, sct, sys,
uif,
vb, vbe, vbs, vxd
wsc, wsf, wsh
xll, xz
z
https://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection#anti-malware-policies
https://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-worldwide
https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=85611
2022-08-27MC prepareReview existing anti-malware policies and add the recommended file types to the block list. Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs. Review the following resources below to learn more:

Anti-malware policy
Anti-malware policy protection FAQ
Current list of file types in pre-populated list
Current list of default file type selection


The list of file types:
7z, 7zip,
a, accdb, accde,ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi,
bat, bin, bundle, bz, bz2, bzip2,
cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css,
deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib,
elf, exe,
font,
gz, gzip,
hlp, hta, htm, html,
img, imp, inf, ins, ipa, iso, isp, its,
jar, jnlp, js, jse,
kext, ksh,
lha, lib, library, lnk, lqy, lzh,
macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht,
mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst,
o, obj, odp, ods, odt, one, onenote, ops,
package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf,
prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py,
rar, reg, rev, rpm, rtf,
scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys,
tar, tarz, terminal, tgz, tool,
uif, url,
vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd,
workflow, ws, wsc, wsf, wsh,
xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz,
z, zi, zip, zipx,


The default selection from the above file type list is:
ace, apk, app, appx, ani, arj,
bat,
cab, cmd,com,
deb, dex, dll, docm,
elf, exe,
hta,
img, iso,
jar, jnlp,
kext,
lha, lib, library, lnk, lzh
macho, msc, msi, msix, msp, mst
pif, ppa, ppam,
reg, rev,
scf, scr, sct, sys,
uif,
vb, vbe, vbs, vxd
wsc, wsf, wsh
xll, xz
z
https://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection#anti-malware-policies
https://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-worldwide
https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=85611
Review existing anti-malware policies and add the recommended file types to the block list. Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs. Review the following resources below to learn more:

Anti-malware policy
Anti-malware policy protection FAQ
Current list of file types in pre-populated list
Current list of default file type selection


The list of file types:
7z, 7zip,
a, accdb, accde,ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi,
bat, bin, bundle, bz, bz2, bzip2,
cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css,
deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib,
elf, exe,
font,
gz, gzip,
hlp, hta, htm, html,
img, imp, inf, ins, ipa, iso, isp, its,
jar, jnlp, js, jse,
kext, ksh,
lha, lib, library, lnk, lqy, lzh,
macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht,
mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst,
o, obj, odp, ods, odt, one, onenote, ops,
package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf,
prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py,
rar, reg, rev, rpm, rtf,
scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys,
tar, tarz, terminal, tgz, tool,
uif, url,
vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd,
workflow, ws, wsc, wsf, wsh,
xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz,
z, zi, zip, zipx,


The default selection from the above file type list is:
ace, apk, app, appx, ani, arj,
bat,
cab, cmd,com,
deb, dex, dll, docm,
elf, exe,
hta,
img, iso,
jar, jnlp,
kext,
lha, lib, library, lnk, lzh
macho, msc, msi, msix, msp, mst
pif, ppa, ppam,
reg, rev,
scf, scr, sct, sys,
uif,
vb, vbe, vbs, vxd
wsc, wsf, wsh
xll, xz
z
ps://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection#anti-malware-polici
ps://docs.microsoft.com/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-world
ps://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=856
2022-07-06MC MessagesUpdated June 23, 2022: We have updated the rollout timeline below. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting early July (previously mid-June) and completion of deployment by late July
Updated July 05, 2022: We have updated the rollout timeline below and provided additional details. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy: The current list of the selection will be retained and appended with the new file types being added as part of default selection. As a result, the list of file selections in the default policy will be expanded while retaining all of the existing selection. There will be no changes to any of the other settings (like zap, admin notification configuration etc). The only change which will happen to the default policy is the expansion of the selection.
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting mid-July (previously early July) and completion of deployment by mid-August (previously late July)
2022-07-06MC How AffectOnce these changes are rolled out, the list of default file type selections to the newly created policies and the default policy will differ from your existing policies. You will need to review the existing policies and update the list with recommended file types (see below).Once these changes are rolled out, the list of default file type selections to the newly created policies and the default policy will differ from your existing policies. As the selection in the default policy will be expanded, there could be some messages which could be quarantined due to new file type addition. You will need to review the existing policies and update the list with recommended file types (see below).
2022-07-06MC Last Updated06/23/2022 21:41:532022-07-05T21:24:46Z
2022-07-06MC End Time08/31/2022 09:00:002022-09-26T09:00:00Z
2022-06-24MC MessagesUpdated June 1, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting mid-June and completion of deployment by late July
Updated June 23, 2022: We have updated the rollout timeline below. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting early July (previously mid-June) and completion of deployment by late July
2022-06-24MC Last Updated06/01/2022 18:58:482022-06-23T21:41:53Z
2022-06-02MC MessagesIn anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting mid-June and completion of deployment by late July
Updated June 1, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.
In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings. You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the power shell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:

Any new anti-malware policies that you create
The default anti-malware policy
The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

This message is associated with Microsoft 365 Roadmap ID 85611

[When this will happen:]

Starting mid-June and completion of deployment by late July
2022-06-02MC TitleExchange Online-Updates to the file type list in the common attachment filter(Updated) Exchange Online-Updates to the file type list in the common attachment filter
2022-06-02MC Last Updated05/13/2022 02:31:022022-06-01T18:58:48Z
2022-06-02MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact

*starting April 2022

Last updated 5 days ago

Login to your account

Welcome Back, We Missed You!