locked
PCAP file format is blocking falsely by Anti-Malware Agent into Exchange Server 2016 RRS feed

  • Question

  • Error Message
    We have tried to send the .pcap file as .zip file(password protected) but still unable to send .pcap file. Please be informed, we were able to send the .pcap file into exchange server 2016. Suddenly, we are facing this problem.


    • Edited by Al Amran Wednesday, February 12, 2020 12:07 PM
    Wednesday, February 12, 2020 11:58 AM

All replies

  • Hi Al-Imran,

    You're using on-premise Exchange 2016 or hybrid Exchange?

    This issue usually occurs on Exchange online, but some non-Exchange user will also meet this problem.

    Does the issue occur to a specific person? Is the recipient internal or external, or all have this issue?

    Antimalware protection in Exchange Server 2016 helps combat viruses and spyware in your email messaging environment. 

    You can use the following commands to bypass malware filtering which allows you to temporarily disable malware filtering on the server without disrupting mail flow, then do a test with sending messages with attachments:

    Set-MalwareFilteringServer -Identity <ServerIdentity> -BypassFiltering <$true>
    For some detailed information, refer to this topic.

    Regards,

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Thursday, February 13, 2020 2:42 AM
  • HI,

    Can you also Disable the Defer the message if rule processing doesn't complete option in the transport rule. Be aware that this option may be set on any rule in the rules list

    if not then follow by disabling antimalware suggested as below

    Thanks


    Vinny | Freelancer | Microsoft Certified Azure Solutions Architect Expert| Microsoft 365 Certified: Enterprise Administrator | Microsoft 365 Certified: Messaging Administrator Associate| ITILV3 | PMP

    Thursday, February 13, 2020 6:25 AM
  • Hello Eric,

    Thanks for your reply.

    We are using Exchange 2016 not hybrid. This issue is occurring with both recipients internal and external.

    I don't want to bypass filtering true state. Without enable bypass filtering, can you tell any explanation that why .pcap file is filtering by Anti malware agent into Exchange server 2016?

    Earlier, i had mentioned that i had able to send this pcap file previously that's why i want to know from you, why pcap file is blocking now all of a sudden? Is there any reference blog/article that related with this, if so, please forward to me.

    Thanks & Regards,

    Al Amran


    Thanks & Regards, Al Amran Technology Specialist Cell: +8801755606024 Tech One Global (Pvt.) Limited House : 10/A , 3rd floor , Road : 4 ,Gulshan Avenue 01, Dhaka-1212, Bangladesh



    • Edited by Al Amran Monday, February 17, 2020 11:07 AM
    Monday, February 17, 2020 6:01 AM
  • Hello Vinny, 

    Thanks for your reply.

    Can you specify the transport rule which we could disable Defer the message if rule processing doesn't complete option. We have many transport rules in our environment. If you have any screenshots regarding this, please share with me.

    Thanks & Regards,

    Al Amran


    Thanks & Regards, Al Amran Technology Specialist Cell: +8801755606024 Tech One Global (Pvt.) Limited House : 10/A , 3rd floor , Road : 4 ,Gulshan Avenue 01, Dhaka-1212, Bangladesh

    Monday, February 17, 2020 6:03 AM
  • Hi Al-Imran,

    You can use the following commands to check if there are rules ticked " Defer the message if rule processing doesn't complete" in your server.

    Get-TransportRule | Where {$_.Ruleerroraction -ne $Defer}

    Regards,

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, February 20, 2020 8:22 AM
  • Hi, I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Regards,

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, February 25, 2020 9:14 AM
  • Hello Eric,

    Sorry for late reply.

    We have applied your provided solution which is Defer the message if rule processing doesn't complete is ticked.

    But this issue has not been resolved yet.

    Thanks & Regards,

    Amran


    Thanks & Regards, Al Amran Technology Specialist Cell: +8801755606024 Tech One Global (Pvt.) Limited House : 10/A , 3rd floor , Road : 4 ,Gulshan Avenue 01, Dhaka-1212, Bangladesh

    Friday, April 24, 2020 9:11 PM