04 August 2021

Add file extentions to the default Exchange Online Protection MalwareFilterPolicy with PowerShell

By default there are only a few extensions on the EOP list:

Get-MalwareFilterPolicy -Identity default | fl filetypes            
            
FileTypes : ace, ani, app, docm, exe, jar, reg, scr, vbe, vbs
You might want to add some more, here a quick way to do so:

First add the following to your PowerShell session to see all output:
$FormatEnumerationLimit =-1

The following to add the desired extensions to the list: Note the + sign, this is not an error but allows the list to be appended.
$FileTypesAdd = Get-MalwareFilterPolicy -Identity Default | select -Expand FileTypes            
$FileTypesAdd += "ace", "ani", "app", "appcontent-ms", "appref-ms", "bat", "cdxml", "cer", "cmd", "cnt", "com", "crt", "der", "diagcab", `
"docm", "epub", "exe", "grp", "hpj", "iqy", "jar", "jnlp", "js", "lnk", "mcf", "msh", "msu", "nzb", "par", "par2", "pif", "pl", "printerexport", `
"ps1", "ps1xml", "ps2", "ps2xml", "psc1", "psc2", "psd1", "psdm1", "pssc", "py", "pyc", "pyo", "pyw", "pyz", "pyzw", "reg", "scf", "scr", `
"settingcontent-ms", "theme", "udl", "vb", "vbe", "vbp", "vbs", "webpnp", "website", "wsb", "wsc", "wsh", "xbap", "xll", "xnk"
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $FileTypesAdd
Check to see the setting:
Get-MalwareFilterPolicy -Identity default | fl filetypes
$FileTypesAdd += ace, ani, app, appcontent-ms, appref-ms, bat, cdxml, cer, cmd, cnt, com, crt, der, diagcab, `
docm, epub, exe, grp, hpj, iqy, jar, jnlp, js, lnk, mcf, msh, msu, nzb, par, par2, pif, pl, printerexport, `
ps1, ps1xml, ps2, ps2xml, psc1, psc2, psd1, psdm1, pssc, py, pyc, pyo, pyw, pyz, pyzw, reg, scf, scr, `
settingcontent-ms, theme, udl, vb, vbe, vbp, vbs, webpnp, website, wsb, wsc, wsh, xbap, xll, xnk
In case you made a mistake and want to start over:

Set-MalwareFilterPolicy -Identity default -FileTypes $null

No comments:

Post a Comment