˄˅

Protection settings for Exchange Online

This section provides information about changing Exchange Online general, Anti-Malware, Anti-Spam or Anti-Phishing settings and options.

Exchange Online general

ESET LiveGrid® feedback

Data will be sent to the ESET Research Lab for further analysis. Read more about ESET LiveGrid® in the glossary.

Log all objects

If this option is selected, all scan results (including clean) will be shown in Scan logs. The retention policy for clean scan results is three days. Scan results older than three days will be removed permanently.

Exchange Online Anti-Malware

Enable Exchange Online Anti-Malware

This feature is active when enabled, and you can configure detailed options.

Reporting & Machine Learning Protection

Advanced Machine learning is now a part of the detection engine as an advanced layer of protection, which improves detection. Read the following before modifying a threshold (or level) for category Reporting.

When items are reported

•No action—No action is performed, and the email is delivered to the recipient.

•Move to Junk—The email is moved to the Junk folder.

•Move to Trash—The email is moved to the Trash folder.

•Delete message—The email is deleted.

•Quarantine message—The original email is deleted, and a copy of the email is stored in the quarantine. If you decide to release the email from quarantine, it is sent as an attachment in a new email and delivered to the recipient.

•Delete attachment—The message attachment is deleted and will be delivered to the recipient without the attachment.

•Replace attachment—The attachment is replaced with a text file that contains detailed information about the action taken.

•Quarantine attachment—The attachment is removed from the email and placed into the file quarantine.

Attachment replace text

Replaces the attachment with a text file that contains detailed information about an action taken.

Tag subject

When enabled, you can modify templates added to the subject of infected messages.

Tag subject text

You can add a custom tag to the subjects of affected messages.

Notify mailbox owner

When enabled, the user will receive a notification email when a detection is found.

Language

Choose a desired language from the drop-down menu. The mailbox owner will receive notification emails in the selected language when an object is released from Exchange Online quarantine. This option overrides the default tenant language in settings.

Notify administrator

Specify an email address (press Enter to add multiple addresses) to receive notification emails whenever a detection is found.

Exchange Online Anti-Spam

Enable Exchange Online Anti-Spam

This feature is active when enabled, and you can configure detailed options.

When items are reported

•No action—No action is performed, and the email is delivered to the recipient.

•Move to Junk—The email is moved to the Junk folder.

•Move to Trash—The email is moved to the Trash folder.

•Delete message—The email is deleted.

•Quarantine message—The original email is deleted, and a copy of the email is stored in the quarantine. If you decide to release the email from quarantine, it will be sent as an attachment in a new email and delivered to the recipient.

Tag subject

When enabled, you can modify templates added to the subject of infected messages.

Tag subject text

You can add a custom tag to the subjects of affected messages.

You can configure Approved, Blocked and Ignored lists by specifying criteria such as IP address or range, domain name, etc. To add, modify or delete criteria, click Edit for the list you want to manage. Alternatively, you can import your custom list from a file instead of manually adding every entry, click Import and browse for your (.txt) file containing entries you want to add to the list. Likewise, if you need to export your existing list to a (.txt) file, select Export from the context menu.

Approved IP list	Automatically whitelists emails originating from specified IP addresses. Email content will not be checked.
Blocked IP list	Automatically blocks emails originating from specified IP addresses.
Ignored IP list	List of IP addresses that will be ignored during classification. Email content will be checked.
Approved senders list	Whitelists emails originating from a specified sender or domain. Only one sender address or a whole domain is used for verification based on the following priority: 1.SMTP 'MAIL FROM' address 2."Return-Path:" email header field 3."X-Env-Sender:" email header field 4."From:" email header field 5."Sender:" email header field 6."X-Apparently-From:" email header field
Blocked senders list	Blocks emails originating from a specified sender or domain. All identified sender addresses or whole domains are used for verification: SMTP 'MAIL FROM' address "Return-Path:" email header field "X-Env-Sender:" email header field "From:" email header field "Sender:" email header field "X-Apparently-From:" email header field

Exchange Online Anti-Phishing

Enable Exchange Online Anti-Phishing

This feature is active when enabled, and you can configure detailed options.

When items are reported

•No action—No action is performed, and an email with a malicious attachment is delivered to the recipient.

•Move to Junk—The email is moved to the Junk folder.

•Move to Trash—The email is moved to the Trash folder.

•Delete message—The email is deleted.

Tag subject

When enabled, you can modify templates added to the subject of infected messages.

Tag subject text

You can add a custom tag to the subjects of affected messages.

Notify mailbox owner

When enabled, the user will receive a notification email when detection is found.

Notify administrator

Specify an email address (press Enter to add multiple addresses) that will receive notification emails whenever a detection is found for any Exchange Online user.

˄˅