ORCA.189 - Safe Attachments is not bypassed.
Overview
Microsoft Defender for Office 365 Safe Attachments helps detect zero-day malware by using behavioural analysis and sandboxing to supplement signature definitions. The protection can be bypassed by mail flow rules that set the X-MS-Exchange-Organization-SkipSafeAttachmentProcessing header on email messages.
Remediation action
Remove mail flow rules which bypass Safe Attachments.
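One way to locate the rules to remove, as an added example (not the Maester or ORCA source code). The function name `Find-SafeAttachmentsBypassRule` and the sample rule objects are constructed for illustration; the commented lines at the end assume a connected Exchange Online PowerShell session.

```powershell
# Header named in the overview above; a mail flow rule that sets it skips Safe Attachments.
$BypassHeader = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'

function Find-SafeAttachmentsBypassRule {
    # Hypothetical helper: filters transport rule objects down to those that set the bypass header.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule
    )
    process {
        # -eq on strings is case-insensitive, which matches how mail header names are compared.
        if ($Rule.SetHeaderName -eq $BypassHeader) {
            [pscustomobject]@{
                Name           = $Rule.Name
                State          = $Rule.State      # Disabled rules are reported too: they can be re-enabled later
                Priority       = $Rule.Priority
                SetHeaderValue = $Rule.SetHeaderValue
            }
        }
    }
}

# Constructed sample data shaped like Get-TransportRule output, so the filter can be tried offline.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Scanner relay (constructed)'; State = 'Enabled'; Priority = 0
                       SetHeaderName = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'; SetHeaderValue = '1' }
    [pscustomobject]@{ Name = 'Add disclaimer header (constructed)'; State = 'Enabled'; Priority = 1
                       SetHeaderName = 'X-Disclaimer-Applied'; SetHeaderValue = 'true' }
    [pscustomobject]@{ Name = 'Old vendor exception (constructed)'; State = 'Disabled'; Priority = 2
                       SetHeaderName = 'x-ms-exchange-organization-skipsafeattachmentprocessing'; SetHeaderValue = '1' }
)

$sampleRules | Find-SafeAttachmentsBypassRule | Format-Table -AutoSize

# Against a live tenant (requires the ExchangeOnlineManagement module):
#   Connect-ExchangeOnline
#   $hits = Get-TransportRule -ResultSize Unlimited | Find-SafeAttachmentsBypassRule
#   $hits | ForEach-Object { Remove-TransportRule -Identity $_.Name -WhatIf }
# Review the -WhatIf output, then rerun without -WhatIf to remove the rules.
```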
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.189 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA189 |
| Tags | EXO, ORCA, ORCA.189 |
Source
- Pester test: tests/orca/Test-ORCA189.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA189.ps1