
I have many returning false-positive blocked mails from an organization partner, whose replies to our emails are always blocked. Our quarantine report says: Blocked by organization policy: Antimalware policy block by file type

The only attachment in the mail was an image in the signature. The signature was ours, but when they answer the mail, the incoming reply message is always blocked with the reason above.

I have two questions:

  1. How can I be sure which file is the wrong type that Defender needs to block?

  2. How can we bypass this so that our reply message is never blocked (without removing signature pics)?

The HTML code of this mail's signature:

```html
<span style="font-size: 8.0pt;line-height: 120.0%;color: rgb(31,73,125);"><img border="0" width="225" height="45" style="width: 2.3472in;height: 0.4722in;" src="cid:91e91ec32e9dc19a9bfcf381ec58f4955ad568c1867371b55da.mpf"></span>
```

I do not know how it can have an .mpf extension in their reply. We use .jpg or .png in signatures. I've already checked the anti-malware policies' file types and .mpf is not on the black list.

  • The HTML code of this mail's signature: – Imre Cserháti Feb 22 '23 at 12:32
  • Please don't add new info in comments, but [edit](https://superuser.com/posts/1770107/edit) the question instead. When formatting's lost, code can be difficult to decipher. This way everything relevant is readily available. – Peregrino69 Feb 22 '23 at 14:36
  • "MPF files mostly belong to Office by Microsoft. MPF filename extension is associated with compressed media package files containing clip art images, keywords, and tags which are used by the Clip Organizer or Design Gallery utilities bundled with Office" [source](https://filext.com/file-extension/MPF) (among others). – Peregrino69 Feb 22 '23 at 14:42
  • I don't really get it. Which one is it: 1) mails you send to partner are blocked 2) mails partner sends to you are blocked 3) partner's replies to you are blocked 4) your replies to partner are blocked? Is this "Blocked by..." message generated by your system or partner's? Again, please don't answer in comments but edit the question instead. – Peregrino69 Feb 22 '23 at 14:45
  • `.mpf` is a rare and unlikely file-extension. Replace it by a JPG or PNG signature to avoid such troubles. – harrymc Feb 22 '23 at 18:21
  • While you cannot add custom extensions via the portal, it does appear that you can use the “-FileTypes” switch on the “Set-MalwareFilterPolicy” cmdlet to add extensions not in the list of 96. Reference: http://byronwright.blogspot.com/2017/09/customizing-file-types-for-common.html Or you could block them via transport rule. – Faery Feb 28 '23 at 08:29

0 Answers
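
One way to approach the first question, as an added example that is not part of the original post or its comments: list every non-text MIME part of a message exported from quarantine, with its declared name, its extension and the type its leading bytes imply. The sample message, the `sig0001.mpf` Content-ID and the `policy_exts` set are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the image types normally used in signatures.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg", b"GIF8": "gif"}

def sniff(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    return next((t for sig, t in MAGIC.items() if data.startswith(sig)), None)

def inventory(raw, policy_exts=frozenset()):
    """List each non-text MIME part: declared name/type vs. sniffed type."""
    msg = message_from_bytes(raw, policy=policy.default)
    html = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() == "text/html")
    referenced = set(re.findall(r"cid:([^\"'>\s]+)", html))
    rows = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() == "text":
            continue
        cid = str(part["Content-ID"] or "").strip("<>")
        name = part.get_filename() or cid
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        rows.append({
            "name": name, "ext": ext, "declared": part.get_content_type(),
            "sniffed": sniff(part.get_payload(decode=True) or b""),
            "inline_ref": cid in referenced,      # used by <img src="cid:...">
            "ext_in_policy": ext in policy_exts,  # extension is on the block list
        })
    return rows

def build_sample():
    """Constructed reply: PNG bytes attached under a Content-ID ending in .mpf."""
    msg = EmailMessage()
    msg["Subject"] = "RE: constructed sample"
    msg.set_content("reply text")
    msg.add_alternative('<img src="cid:sig0001.mpf">', subtype="html")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # header only, not a full image
    msg.get_payload()[1].add_related(png, "application", "octet-stream",
                                     cid="<sig0001.mpf>")
    return msg.as_bytes()

if __name__ == "__main__":
    # The extension set is an assumption; use your own policy's file type list.
    for row in inventory(build_sample(), policy_exts={"mpf"}):
        print(row)
```

Pass `inventory()` the raw bytes of the quarantined `.eml` and compare each row's `ext` and `sniffed` values with the file types configured in the anti-malware policy.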