Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: MALWARE
- CIS: M365 4.1 - (L1) Ensure the Common Attachment Types Filter is enabled
This Customer Check attempts to determine if Microsoft Exchange is configured to block certain file types in emails.
Why this check?
Malware can reach your organization via email. One way this happens is by attaching a file with program code to an email. Only files of certain types, such as .exe, can contain such code. At the same time, it is illogical for many organizations to exchange such file types for legitimate reasons via email. Therefore, it is advisable to block such file types from email as much as possible, which can be done using the file filter configuration in Microsoft Exchange.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 4.1 - (L1) Ensure the Common Attachment Types Filter is enabled
What possible outcomes does the check have?
This check has a binary function. There are only two options: the File Filter setting is active or not active. In Attic, this is reflected as follows:
- Okay: the file filter in email is active
- Notice: the file filter in email is not active, the advice is to enable it
How should this be followed up?
If the check results in an output of Notice, we advise enabling the file filter. Note that this will prevent certain file types from being sent via email. It is advisable to first inform your organization before activating the setting.
A Fix is available for this check, which we will offer through Attic.
Comments
0 comments
Please sign in to leave a comment.