ORCA.120.2 - Zero Hour Autopurge Enabled for Malware.

Overview

Zero Hour Autopurge can assist removing false-negatives post detection from mailboxes. By default, it is enabled.

Remediation action

Enable Zero Hour Autopurge.

Related Links

• Microsoft 365 Defender Portal - Anti-malware
• Recommended settings for EOP and Microsoft Defender for Office 365 security

Test Metadata

Field	Value
Test ID	ORCA.120.2
Severity	Medium
Suite	ORCA
Category	EXO
PowerShell test	Test-ORCA120_malware
Tags	EXO, ORCA, ORCA.120.2

Source

• Pester test: tests/orca/Test-ORCA120_malware.Tests.ps1
• PowerShell source: powershell/public/orca/Test-ORCA120_malware.ps1