locked
my users keet getting email titles with "Suspicious part has been quarantined : XXXXX" RRS feed

  • Question

  • Hi all

    We have an Exchange server 2013 installation , the deployment is only one server that host all the roles (with out edge Role)

    we have about 100 users ,

    We have a problem , my users are getting emails with title " Suspicious part has been quarantined : <some text> " .

    how can I stop this ?

    I think there is a malware filtering that adds this title (Suspicious part has been quarantined : XXXX) and I want to configure to delete those emails , I don't want my users receive those emails .

    help me please .

    Thanks 

    Friday, September 9, 2016 8:02 PM

Answers

  • Hi

    Are you running any AV on your Exchange servers?

    You can setup a transport rule to stop it or move it to a "quarantine" mailbox.


    Microsoft PFE

    • Proposed as answer by Jason.Chao Monday, September 12, 2016 6:23 AM
    • Marked as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    Monday, September 12, 2016 4:44 AM
  • Hi Ary,

    Thanks for your reply.

    How do you set the Transport rule?

    Since all the emails have the title “Suspicious part has been quarantined : <some text>”, did you set the transport rule to delete the emails with this title?

    Best regards,


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    • Proposed as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    • Marked as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    • Edited by Jason.Chao Friday, September 23, 2016 8:30 AM
    Monday, September 19, 2016 2:34 AM

All replies

  • Hi

    Are you running any AV on your Exchange servers?

    You can setup a transport rule to stop it or move it to a "quarantine" mailbox.


    Microsoft PFE

    • Proposed as answer by Jason.Chao Monday, September 12, 2016 6:23 AM
    • Marked as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    Monday, September 12, 2016 4:44 AM
  • Hi,

    Agree with Edward, please take the following article for your reference:

    Mailbox quarantining in Exchange 2010 and Exchange 2013

    Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. And the changes made in the above blog is not supported officially by Microsoft.

    Hope it helps.


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, September 12, 2016 6:24 AM
  • Dear Edward ,

    Thanks for your reply ,

    - I don't have any 3rd party protection software running on the server , I only installed Windows 2012 server and Exchange server 2013 .

    - I setup transport rules , but it is not blocking those emails .

    I looks there is a protection agent on exchange 2013 that is disinfecting some suspicious emails that are targeting my users , but it only disinfect those emails and I want to delete them .

    Thanks

    Monday, September 12, 2016 5:43 PM
  • Hi Ary,

    Thanks for your reply.

    How do you set the Transport rule?

    Since all the emails have the title “Suspicious part has been quarantined : <some text>”, did you set the transport rule to delete the emails with this title?

    Best regards,


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    • Proposed as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    • Marked as answer by Jason.Chao Friday, September 23, 2016 2:08 AM
    • Edited by Jason.Chao Friday, September 23, 2016 8:30 AM
    Monday, September 19, 2016 2:34 AM
  • Dear Jason ,

    I am still reciving those emails !

    I create Transport rules @ ECP > mail flow > rules > {create the rule}

    and this is the summery of the rule that I create to delete those emails

    If the message...
    Includes these words in the message subject or body: 'Suspicious part has been quarantined'
    Do the following...
    Delete the message without notifying the recipient or sender
    Rule comments
    Rule mode
    Enforce

    and this is the first rule !

    please help me

    Thanks

    Friday, September 23, 2016 8:23 AM
  • Hi Ary,

    Use the following command to check the transport rule agent is enabled and the priority is 1:

    Get-transportagent

    Use : set-trasnportagent “transport rule agent” -priority 1 to change the value of priority.

    Note: please restart the MS exchange transport service.

    You can also configure a spam quarantine mailbox with the SCL value to receive the quarantined messages:

    Please see: https://technet.microsoft.com/en-us/library/bb123746(v=exchg.150).aspx

    Hope it helps.

    BR.


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, September 27, 2016 8:36 AM