Office 365: Block cryptrolocker virus (or any exe or exe in zip)


What we are trying to achieve1

Office 365 by default, for some reason, allows .ZIP files through even if they contain a .EXE file which is, well – mad.  With all these viruses around it is worth configuring your tenancy to block all executable files from being received on email.

Here is how to fix it:-

1 – Go to your tenancy portal, and Admin–>Exchange

2 – Click the MAIL FLOW menu on the left, then “rules” (if not already selected)

3 – Click the “+” icon then “create a new rule”2

4 – Give the rule a name, then IMPORTANTLY, click the “more options” link before you do anything else..

5 – Then create a rule with the following:-

  • Apply this rule if:  Any Attachment –> File extension includes these words  (add  exe  msi  bat   com   vbs  )
  • Do the following:  Block the message–>Reject the message and include explanation “We don’t want executable attachments thanks”
  • Leave rest alone and OK it

Create a 2nd, rule, similar but different (remember the “more options link”) and

  • Apply this rule if:  Any Attachment –>  Has executable content
  • Do the following:  Block the message–>Reject the message and include explanation “We don’t want executable attachments thanks”
  • Leave rest alone and OK it

6 – Wait 30 mins and test

 

This should stop most executable content from getting in to your email, but of course, test test and test again