File Blocking

(Exchange Online and Gmail only) Select the scope of email messages that Malware Scanning applies to.

• All messages: means that this policy applies to incoming, outgoing, and internal email messages. Incoming/outgoing email messages are sent from/to non-internal domains.

• Incoming messages: means that this policy applies only to incoming email messages sent from non-internal domains.

Select whether to block all files or specific files.

If Type of File Blocking is set to "Block All Files":

• Select File types not blocked to select or specify true file types that Cloud App Security never blocks.

• Select File extensions not blocked to select or specify file extensions that Cloud App Security never blocks.

• Select File names not blocked to type the file name that Cloud App Security never blocks.

If Type of File Blocking is set to "Block Specific Files":

• Select File types to block to select or specify true file types that Cloud App Security always blocks.

• Select File extensions to block to select or specify file extensions that Cloud App Security always blocks.

  Optionally click Export to export the specified file extensions as a .txt file.

  Optionally click Import to import file extensions in batches. The extension cannot exceed 255 characters, begin or end with a period ("."), or contain unsupported characters (/ \ : * ? < > " |) . The total number of users, including those already added, cannot exceed 1,000.

• Select File names to block to type the file name that Cloud App Security always blocks.

Select the check box to scan for excluded file extensions and file names inside compressed files.

Cloud App Security deletes the file, infected, malicious, or undesirable content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced.

Cloud App Security moves the email message to a dedicated quarantine location, removing it as a security risk to protected services.

Cloud App Security deletes the entire email message.

Cloud App Security records the detection in a log and the message is unchanged.

Specify the Replacement file name and Replacement text that Cloud App Security uses when an attachment violating the policy rules arrives. Cloud App Security replaces the file/text with the configured replacement information.

Cloud App Security moves the file to a restricted access folder, removing it as a security risk to protected services.

Cloud App Security deletes the file and replaces it with a placeholder using the original file name and .txt.

Cloud App Security records the detection in a log and the file is unchanged.

Specify text to replace the original file content when a file is quarantined or deleted.

Cloud App Security records the detection in a log and the message is unchanged.

Cloud App Security calls Microsoft Teams to hide the message from both the sender and recipient.

Cloud App Security includes a label Risky (by Trend Micro) at the top of the email message in the user's mailbox.

Cloud App Security moves the file to a restricted access folder, removing it as a security risk to protected services.

Cloud App Security deletes the entire email message.

Cloud App Security records the detection in a log and the message is unchanged.

Cloud App Security adds a tag to the file name to warn stakeholders about threats detected in uploaded files.

Cloud App Security moves the file to a restricted access folder, removing it as a security risk to protected services.

Cloud App Security deletes the entire email message.

Cloud App Security records the detection in a log and the message is unchanged.

• Select Apply secondary action when file quarantine fails and specify a secondary action if you want to take backup action when the quarantine action for a file fails. This option can be configured only when a Quarantine action is selected.

• Specify the File name tag and Replacement text that Cloud App Security uses when a file violating the policy rules is detected. Cloud App Security adds the specified tag to the file name if the Tag file name action is selected in the Action section. If the file is quarantined or deleted, Cloud App Security replaces the original file content with the specified replacement text.

Specify message details to notify administrators that Cloud App Security detected a security risk and took action on an email message, attachment, or file.

Notification threshold sets limits on messages to send. Threshold settings include:

• Send consolidated notifications periodically: Cloud App Security sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s).

• Send consolidated notifications by occurrences: Cloud App Security sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of virus/malware occurrences by typing a number in the box.

• Send individual notifications: Cloud App Security sends an email message notification every time Cloud App Security performs a filtering action.

Exchange Online and Gmail: Specify message details that notify recipients that Cloud App Security detected a security risk and took action on their email message or attachment.

SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive: Specify message details that notify the user who updated a file that Cloud App Security detected a security risk and took action on their file.

Teams Chat: Cloud App Security does not provide this option. When a chat message was blocked, a notification "This message was blocked." provided by Microsoft appears in the sender's private chat window. Message senders can click What can I do? to view more information about the blocked messages.

Salesforce: Specify message details that notify the user who updated a Salesforce object record that Cloud App Security detected a security risk and took action on the update.