Archive for February, 2015

Office 365 Block Executable Attachments (Cryptolocker)

Friday, February 6th, 2015

Connect to Exchange Tenant using PowerShell (http://www.msdigest.net/2012/03/how-to-remote-powershell-into-exchange-online-office-365/)

Open PowerShell and run the following commands:

$Cred = Get-Credential   # enter your Office 365 admin credentials when prompted

$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $Cred -Authentication Basic -AllowRedirection

Import-PSSession $s

Once connected run the following 2 commands (http://nickwhittome.com/2014/10/16/blocking-executable-attachments-even-in-zip-files-on-office-365/)

New-TransportRule -Name 'Rule 2 – Block Executable Content MS Standard' -Priority '0' -Enabled $true -AttachmentHasExecutableContent $True -RejectMessageReasonText 'Block Rule 2 – Sorry your mail was blocked because it contained executable content' -StopRuleProcessing $true -SetAuditSeverity Low -SenderAddressLocation HeaderOrEnvelope

New-TransportRule -Name 'Rule 1 – Block Attachments Rule – Extensions' -Priority '0' -Enabled $true -AttachmentExtensionMatchesWords 'bat','chm','cmd','com','cpl','crt','exe','hlp','hta','inf','ins','isp','jse','lnk','mdb','ms','msi','pcd','pif','reg','scr','sct','shs','vb','vbs','ws' -RejectMessageReasonText 'Block Rule 1 – Sorry your mail was blocked because it contained executable content.' -StopRuleProcessing $true -SetAuditSeverity Low -SenderAddressLocation HeaderOrEnvelope

When completed successfully you should see 2 new rules show up within Mailflow – Rules
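
To confirm the result from the same session instead of the admin UI, the following check can be run before closing the session. It is an added example, not part of the original post; it matches the rule names by wildcard and assumes the Get-TransportRule output properties carry the same names as the New-TransportRule parameters used above.

```powershell
# Added example: run while the session imported with Import-PSSession $s is still open.
# Extension list copied from the 'Rule 1' command above.
$expectedExt = 'bat','chm','cmd','com','cpl','crt','exe','hlp','hta','inf','ins','isp','jse',
               'lnk','mdb','ms','msi','pcd','pif','reg','scr','sct','shs','vb','vbs','ws'

# Match by wildcard so the dash characters in the rule names do not matter.
$rules   = Get-TransportRule
$extRule = $rules | Where-Object { $_.Name -like 'Rule 1*Block Attachments Rule*Extensions' } |
           Select-Object -First 1
$exeRule = $rules | Where-Object { $_.Name -like 'Rule 2*Block Executable Content MS Standard' } |
           Select-Object -First 1

$problems = @()
$checks = @(
    @{ Label = 'Rule 1 (extensions)';         Rule = $extRule },
    @{ Label = 'Rule 2 (executable content)'; Rule = $exeRule }
)
foreach ($c in $checks) {
    if (-not $c.Rule) { $problems += "$($c.Label): rule not found"; continue }
    # A disabled rule is listed in the UI but rejects nothing.
    if ("$($c.Rule.State)" -ne 'Enabled') { $problems += "$($c.Label): state is $($c.Rule.State)" }
    if (-not $c.Rule.RejectMessageReasonText) { $problems += "$($c.Label): no reject text set" }
}

# Every extension from the post must be present on the extension rule.
if ($extRule) {
    $missing = $expectedExt | Where-Object { $extRule.AttachmentExtensionMatchesWords -notcontains $_ }
    if ($missing) { $problems += "Rule 1 is missing extensions: $($missing -join ', ')" }
}

# The second rule relies on the executable-content condition rather than on file names.
if ($exeRule -and -not $exeRule.AttachmentHasExecutableContent) {
    $problems += 'Rule 2: AttachmentHasExecutableContent is not set'
}

$extRule, $exeRule | Where-Object { $_ } | Format-Table Name, State, Priority, Mode -AutoSize
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'Both blocking rules are present, enabled and configured as expected.'
}
```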

Log out of your PowerShell session by running the following command:

Remove-PSSession $s