none
Block executable files rule does not work in Exchange 2013.

    Question

  • Hello all.

    We have a task to block all executable files.

    So I have created a rule:

    New-TransportRule -Name ‘Rule 2 – Block Executable Content-Priority ‘0’ -Enabled $true -AttachmentHasExecutableContent $True -RejectMessageReasonText ‘Block Rule 2 – Sorry your mail was blocked because it contained executable content’ -StopRuleProcessing $true -SetAuditSeverity Low -SenderAddressLocation HeaderOrEnvelope

    But, for example, *.jar files are not blocked.

    I know that transport agent has its' own procedure for identifying executable content, but does anybody else have such problem?

    Tuesday, October 18, 2016 8:25 AM

Answers

  • Hi,

    .jar files are one the list of executable files so they should indeed be blocked, see https://technet.microsoft.com/en-us/library/jj674307(v=exchg.150).aspx.

    If they are not, add a second transport rule that blocks attachments based on their extension: 'wsh' or 'wsf' or 'wsc' or 'vbs' or 'vbe' or 'url' or 'scr' or 'reg' or 'pif' or 'msp' or 'msi' or 'msc' or 'lnk' or 'jse' or 'js' or 'jar' or 'hta' or 'gadget' or 'exe' or 'cpl' or 'com' or 'cmd' or 'bat' or 'application'. Use -AttachmentNameMatchesPatterns to do this.

    Even though it's not the solution you were looking for, it is a best practice to filter both on extension and on file format.


    Peter Van Gils Toa Projects

    Tuesday, October 18, 2016 9:33 AM
  • Hi,

    Based on my test and researching, unfortunately no other solutions.

    AttachmentHasExecutableContent will block some executable file types in supported list, like .exe. But not all, so just use AttachmentExtensionMatchesWords condition instead of using AttachmentHasExecutableContent.

    If you have comments or questions about this topic or about the overall Help experience, we'd love to hear from you. Just send your feedback to Exchange 2013 Help Feedback. Your comments will help us provide the most accurate and concise content.

    Thanks for understanding.


    Regards,

    Lynn-Li

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 19, 2016 9:27 AM
    Moderator

All replies

  • Hi,

    .jar files are one the list of executable files so they should indeed be blocked, see https://technet.microsoft.com/en-us/library/jj674307(v=exchg.150).aspx.

    If they are not, add a second transport rule that blocks attachments based on their extension: 'wsh' or 'wsf' or 'wsc' or 'vbs' or 'vbe' or 'url' or 'scr' or 'reg' or 'pif' or 'msp' or 'msi' or 'msc' or 'lnk' or 'jse' or 'js' or 'jar' or 'hta' or 'gadget' or 'exe' or 'cpl' or 'com' or 'cmd' or 'bat' or 'application'. Use -AttachmentNameMatchesPatterns to do this.

    Even though it's not the solution you were looking for, it is a best practice to filter both on extension and on file format.


    Peter Van Gils Toa Projects

    Tuesday, October 18, 2016 9:33 AM
  • I already did a second rule, which blocks attachments based on their extension, but you are right - I am looking for another solution...

    Tuesday, October 18, 2016 11:43 AM
  • Hi,

    Based on my test and researching, unfortunately no other solutions.

    AttachmentHasExecutableContent will block some executable file types in supported list, like .exe. But not all, so just use AttachmentExtensionMatchesWords condition instead of using AttachmentHasExecutableContent.

    If you have comments or questions about this topic or about the overall Help experience, we'd love to hear from you. Just send your feedback to Exchange 2013 Help Feedback. Your comments will help us provide the most accurate and concise content.

    Thanks for understanding.


    Regards,

    Lynn-Li

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 19, 2016 9:27 AM
    Moderator
  • Hi,

    If you are open to use third party solutions, you may want to try out CodeTwo Exchange Rules Pro: http://www.codetwo.com/exchange-rules-pro/?sts=6398

    The application can remove executable files (or any other files) from emails based on a library of predefined executable file extensions, which include the *.jar extension as well. You can add or remove any extensions if necessary. 

    Here you can read more about this feature: http://www.codetwo.com/userguide/exchange-rules-pro/strip-dump-attachments.htm?sts=6398.

    If you would like to test CodeTwo Exchange Rules Pro to see whether it do exactly what you need it do, download and run a free 30-day trial: http://www.codetwo.com/exchange-rules-pro/download?sts=6398.

    In case of any questions, just give me a shout.

    All the best,
    Adam (CodeTwo)

    CodeTwo: Software solutions for Exchange and Office 365

    Wednesday, October 19, 2016 1:12 PM
  • Thanks, I already researched an idea for using 3-rd party products.

    As I see only transport agent developers can answer the question, how the agent scans executable files...

    Thursday, October 20, 2016 9:03 AM

  • As I see only transport agent developers can answer the question, how the agent scans executable files...

    Regarding CodeTwo Exchange Rules Pro, it does not scan executable files, but only scans names of attachments to find specific extensions (e.g. extensions of executable files).

    Adam (CodeTwo)


    CodeTwo: Software solutions for Exchange and Office 365


    Friday, October 21, 2016 11:44 AM