ORCA.189 - Safe Attachments is not bypassed.
Overview
Microsoft Defender for Office 365 Safe Attachments helps detect zero-day malware by using behavioural analysis and sandboxing to supplement signature definitions. This protection can be bypassed by mail flow rules that set the X-MS-Exchange-Organization-SkipSafeAttachmentProcessing header on email messages.
Remediation action
Remove mail flow rules which bypass Safe Attachments.
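
To locate the rules to remove, the following added example (not the ORCA or Maester test code) filters transport rule objects on the bypass header named above. The function name `Find-SafeAttachmentBypassRule` and the sample rules are constructed for illustration; the property names are those returned by `Get-TransportRule`.

```powershell
# Added example: flag mail flow rules that stamp the Safe Attachments bypass header.
$BypassHeader = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'

function Find-SafeAttachmentBypassRule {
    [CmdletBinding()]
    param(
        # Rule objects shaped like the output of Get-TransportRule
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Rule
    )
    process {
        # Header names are case-insensitive, so compare with -ieq
        if ($Rule.SetHeaderName -ieq $BypassHeader) {
            [pscustomobject]@{
                Name        = $Rule.Name
                State       = $Rule.State
                Mode        = $Rule.Mode
                Priority    = $Rule.Priority
                HeaderValue = $Rule.SetHeaderValue
                # Disabled or test-mode rules do not stamp the header today,
                # but they still need review because they can be switched on
                Active      = ($Rule.State -eq 'Enabled' -and $Rule.Mode -eq 'Enforce')
            }
        }
    }
}

# Constructed sample rules so the filter can be exercised offline
$sampleRules = @(
    [pscustomobject]@{ Name = 'Scanner relay bypass (constructed)'; State = 'Enabled'
        Mode = 'Enforce'; Priority = 0
        SetHeaderName = 'x-ms-exchange-organization-skipsafeattachmentprocessing'
        SetHeaderValue = '1' }
    [pscustomobject]@{ Name = 'Old vendor bypass (constructed)'; State = 'Disabled'
        Mode = 'Enforce'; Priority = 1
        SetHeaderName = $BypassHeader; SetHeaderValue = '1' }
    [pscustomobject]@{ Name = 'External disclaimer (constructed)'; State = 'Enabled'
        Mode = 'Enforce'; Priority = 2
        SetHeaderName = $null; SetHeaderValue = $null }
)

# Expect the first two rules to be reported, only the first as Active
$sampleRules | Find-SafeAttachmentBypassRule | Format-Table -AutoSize

# In a connected Exchange Online PowerShell session:
# Get-TransportRule | Find-SafeAttachmentBypassRule
```

Rules reported by the function can be reviewed with their owners and then deleted with `Remove-TransportRule -Identity <rule name>`.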
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.189 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA189 |
| Tags | EXO, ORCA, ORCA.189 |
Source
- Pester test: tests/orca/Test-ORCA189.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA189.ps1