Email Security - Executable Attachments

As we transition to our new enhanced email security system, there will be a change in behavior when the scanning engine encounters an executable attachment.

Old Behavior

Our previous scanning system also took action on a defined list of file extensions. That system would rename executable files and add warning text to the body of the message. In most cases the file was delivered but would need to be renamed in order to execute the file. It would not be delivered if it matched known virus or malware signatures.

New Behavior

If an email sent to your account includes an attachment with one of the file extensions listed below, the attachment will be removed before the email is delivered and the following will be prefixed to the subject of the email - [Attachment Removed]. This is consistent with Microsoft behavior, which also Blocks Attachments in Outlook.

This also applies to archives attached to emails (typically .zip or .tar files). If an archive contains a file with an extension listed below, the archive will be removed before the email is delivered.

Important: We are unable to recover files removed by the gateway. You will need to work with the sender to use an alternative method for sharing these types of files. Use the workarounds listed below if you need to receive a file.

How can I receive (or share) files?

Using email as a file sharing workflow is not the best or most secure tool. Once the transition to the new email security system is complete, please use one of the following options:

  • Use a collaboration tool (recommended).
  • Ask the sender to rename the file before sending. Once you receive the file attachment within your email, you can save it to your computer and restore the original file extension.

List of files extensions removed by new email security system

  • 386
  • 3gr
  • add
  • ade
  • appcontent-ms
  • asp
  • bas
  • bat
  • cer
  • chm
  • class
  • cmd
  • cnt
  • com
  • cpl
  • crt
  • dbx
  • der
  • diagcab
  • dll
  • exe
  • fon
  • grp
  • hlp
  • hpj
  • hta
  • inf
  • ins
  • isp
  • jar
  • jnlp
  • js
  • jse
  • lnk
  • mcf
  • mdb
  • mde
  • msc
  • msh
  • msh1
  • msh1xml
  • msh2
  • msh2xml
  • mshxml
  • msi
  • msp
  • mst
  • msu
  • ocx
  • pcd
  • pif
  • pl
  • printerexport
  • ps1
  • ps1xml
  • ps2
  • ps2xml
  • psc1
  • psc2
  • psd1
  • psdm1
  • py
  • pyc
  • pyo
  • pyw
  • pyz
  • pyzw
  • reg
  • scf
  • scr
  • sct
  • settingcontent-ms
  • shb
  • shs
  • theme
  • url
  • vb
  • vbe
  • vbp
  • vbs
  • vxd
  • website
  • ws
  • wsc
  • wsf
  • wsh
  • xbap
  • xll
  • xnk

See Also


Keywords:
microsoft ms office365 o365 m365 file extensions malicious proofpoint zip attachment removed 386 3gr add ade appcontent-ms asp bas bat cer chm class cmd cnt com cpl crt dbx der diagcab dll exe fon grp hlp hpj hta inf ins isp jar jnlp js jse lnk mcf mdb mde msc msh msh1 msh1xml msh2 msh2xml mshxml msi msp mst msu ocx pcd pif pl printerexport ps1 ps1xml ps2 ps2xml psc1 psc2 psd1 psdm1 py pyc pyo pyw pyz pyzw reg scf scr sct settingcontent-ms shb shs theme url vb vbe vbp vbs vxd website ws wsc wsf wsh xbap xll xnk proof point 
Doc ID:
126802
Owned by:
O365 S. in Microsoft 365
Created:
2023-03-22
Updated:
2024-09-13
Sites:
DoIT Help Desk, Microsoft 365