ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender now includes advanced protection from dangerous Microsoft Office macro code (OLE). Since usage of Office macro code is very limited (and seldom moved via email) it’s almost universally used as an attack vector by hackers who send malicious macro code embedded in Microsoft Office documents that target vulnerabilities in Outlook, Word, Excel, Powerpoint, and more.
Specifically, our service scans the following attachments for the presence of dangerous, encrypted, malformed, malicious, or suspicious code: doc,dot,pot,ppa,pps,ppt,sldm,xl,xla,xls,xlt,xslb,docm,dotm,ppam,potm,ppst,ppsm,pptm,sldm,xlm,xlam,xlsb,xlsm, and xltm. If we detect something suspicious or dangerous the message will not be destroyed or quarantined (as is the case with virus or infected attachments) – rather we just filter it to SureSPAM.
Managing Your OLE Protection
We will start strictly enforcing macro protection on January 1, 2019. However, the feature is available now and can be enabled at any time by going to https://admin.exchangedefender.com and logging in as a domain administrator (if you don’t see the setting, you aren’t logging in with your domain account but your personal or service provider account).
Click on Configuration > Policies > Phishing Options.
At the bottom of the form you will see “ExchangeDefender Office Macro Protection” section that is currently (October 2018) set to Off. The following options are available:
Off – Turns off ExchangeDefender Office Macro (OLE) protection
On – Turns on the protection but whitelisting the domain/email will bypass it
Strict – Turns on the protection and ignores whitelists
ExchangeDefender recommends this setting be configured as Strict in order to protect from spoofing where clients own domain or vendor (that doesn’t have SPF/DKIM implemented) address is used to deliver a dangerous attachment. Using “Strict” setting bypasses whitelist checks so if the message contains dangerous content it will automatically go into SureSPAM even if the domain is whitelisted.
What do I tell the users?
First, set the setting to Strict. Then, adjust the date in the message below and make sure SureSPAM settings are set to Quarantine.
“Starting with January 1, 2019, ExchangeDefender will protect you from dangerous attachments that contain rarely used Microsoft Office macro (OLE) code. If dangerous macro code is detected in an attachment, message will go into SureSPAM category and if configured to quarantine the message will be accessible at https://admin.exchangedefender.com in the SureSPAM quarantine. We have enabled the protection for you. If you ever see a familiar contact/domain but you were not expecting the message, it’s likely being spoofed/forged in order to trick you to click on a dangerous attachment. Take an extra step and contact the sender asking them if they sent you a document. If not, delete the message.”
We hope this helps keep your users more secure and in our production use so far it’s helping stop 100% of dangerous content
New ExchangeDefender AntiSPAM Engine
The more SPAM stays the same, the more ways they find to get it through to your mailbox.
How we determine something to be SPAM vs legitimate mail is a bit of a science and it incorporates a ton of statistical analysis, data feeds, real-time blacklists, IP reputation scores, several antivirus products, several malware detection products, subscription services, etc. We pass each inbound message through almost all of these subsystems and assign it a score – as that score adds up the message becomes categorized as SPAM or SureSPAM based on the amount of UCE/malware/infected content the message has.
Every year we rebuild the ExchangeDefender engine to pull out things that no longer perform well, add new promising technologies, shift around the different plugins and so on. While ExchangeDefender filtering is updated in real-time and by tons of different vendors along with our in house technology, major improvements and technology shifts are necessary in order to prevent truly dangerous stuff from getting through. Unfortunately, this means that for about a week or two the amount of junk mail that gets through goes up as we reset all our scores, statistical models, weighs for different services and the implementation. While we wish we could just point and click, the process is far more complex than that, and requires delicate changes over a few days.
We appreciate your patience with us as we get the new engine online. The SPAM filtering levels should return to 100% shortly and we realize SPAM is annoying – which is why we’re doing this in the first place. Thank you for your business and trusting us with your email, we look forward to getting our best ever SPAM detection online shortly.
Exchange 2016 Designed for Small Business
ExchangeDefender is in it’s final stage of Exchange 2016 migration which means tons of small business users are about to experience Exchange 2016 for the first time (coming from 2010, 2013 and even a few 2007 / virtualized SBS folks). While there are tons of advantages and features in 2016, nearly all of them are related to the back end/IT that will make your Exchange/Outlook experience much better. Yes, I can hear you yawning. 🙂
SIMPLICITY
The most exciting thing about ExchangeDefender on Exchange 2016 is the extent to which we have templated, wizarded, and simplified the management of an Exchange 2016 organization – we’ve written tons of control panels and wizards that will make ordinary users as powerful as IT people with a ton of PowerShell experience. As a matter of fact, our Exchange 2016 UI will be on sale shortly as a separate product. All the cool stuff you read about Exchange 2016 is only accessible via PowerShell and coding, something that even an overwhelming majority of trained IT staff aren’t capable of doing effortlessly.
We looked at the Microsoft Exchange platform, surveyed our users, looked at all the tickets and requests we’ve had since the 2016 launch and we built a simple, easy to use, non-IT guy friendly way of managing Exchange 2016 and all it’s new features. This means that for an average organization, ExchangeDefender Exchange 2016 will be the most powerful platform they can get.
FLEXIBILITY
Microsoft has really changed the game in Exchange 2016 with massive improvements around the web – from MAPI over HTTP to Outlook on the Web. Outlook on the web will turn your web browser into something as similar and almost as powerful as your desktop Outlook application. In fact, all ExchangeDefender employees currently use Outlook on the Web as their primary email interface because the search component is flawless and we already spend the entire day in the browser.
MAPI over HTTP component is truly solid and will hopefully eliminate a ton of problems that 2003/07/10/13 users had with configuring their Outlook initially. With the new setup and autodiscover, apps will be able to quickly locate the right server and keep connecting even when there are backend maintenance or outage scenarios. So far so good though, 2016 has been rock solid leading us to..
RELIABILITY
As everyone that’s ever had to deal with Outlook and Exchange will tell you, it’s reliable but when you have an issue it’s usually big – well, not anymore. With better implementation of multiple roles, Managed Store, expanding archives and SharePoint Foundation Search the new version of Exchange can handle larger mailboxes, provide faster searches and assure smooth operation in event of failure.
We have been leveraging Expanding Archives to provide bigger (archived mail) mailboxes while making the recent messages on entirely different storage. The results are phenomenal and you will notice the difference immediately.
Everyone with an AutoDiscover record can be moved on demand, if you don’t have an auto discover record you will need to create one for your domain and point it to autodiscover.xd.email – beyond that Outlook will handle everything just requiring the user to run an online “repair” that takes just a few moments and doesn’t require downloading all of the email, creating a new profile, re-configuring everything and so on. If you don’t have an auto-discover yet you will need it – there is no more “manual” configuration.
We truly look forward to getting all of our clients on 2016 as fast as possible and have additional staff, documents, and resources to make this a successful move for everyone. Once moved, the power of our UI and management infrastructure will give you more flexibility over the Exchange management and implementation while also allowing you to run things without PowerShell, hacking or putting things together. That in fact is our biggest competitive advantage: You don’t need to be in IT to manage your email.
(10/17) Webinar: ExchangeDefender launches New Features
A new webinar for October 17th at noon has been scheduled! We’ve been working around the clock to provide our partners, and their clients new features that make all of our work process easier, and more effective. Cool things that are happening as of today, October 1st :
Exchange 2016, Finally
The new exchange 2016 comes with a lot of new features. We’re particularly excited about the ability to create shared mailboxes, and manage password and lockout policies.
Corporate Encryption
You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
SPAM Reporting
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
Friendly Names
You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.
Watch ExchangeDefender’s CEO, Vlad Mazek discuss newsworthy topics to be discussed during the upcoming webinar on the 17th at noon. Stay tuned as we share key advancements of our products and within the company. Reserve for the webinar now!
ExchangeDefender Introduces Friendly Display Names
Friendly Names, Finally.
You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.
This is a slightly technical pragraph that we encourage you to skip. Every email you receive has two From: addresses. One is a “friendly from” or “header from” address that prints the name of the sender as the user configured it inside their mail software such as Outlook or Gmail. The other is an “envelope from” or “mail from / return path from” address that is used for mailer/postmaster reasons to bounce and process messages. As an email security solution, ExchangeDefender only looks at and reports envelope addressing as the friendly from can easily be spoofed and faked and generally has no impact on the underlying SPAM filtering technology, message routing, SPF/DKIM, and a myriad of other technical reasons. Two decades ago, when ExchangeDefender was first and foremost meant to be a front line defense on the edge/perimeter before allowing traffic to get to the firewall, envelope from was what I went with.
What made sense two decades ago, which is centuries in IT terms, doesn’t make sense in 2018. Today ExchangeDefender is no longer primarily an edge security service, it is prime real estate in which end users and business employees spend a considerable amount of their time managing their mail, sending documents, sending encrypted attachments, assuring compliance, collaborating, and as such the design and the content needs to show something relevant to the user (not the IT administrator power user that is likely managing things through our powerful Domain Administrator section).
Oh, and by the way, it’s also going to show up like this in our updated SPAM Reports starting in October for our ExchangeDefender Pro subscribers:
P.S. Please tune into our new feature webinar on Wednesday, October 17th, 2018 at noon EST. Lot’s of new features are coming in ExchangeDefender as we transform the product to better serve the compliance and security needs of our clients. Register Now!
New Feature: Encryption Enrollment Account Reset
ExchangeDefender Encryption Enrollment Account Reset
Encryption is hot – with daily news of hackers breaking in or compromising one system after another, taking that extra step to make sure your information is safe and secure has never been on the minds of business owners more. We may sound like a broken record when it comes to encryption but it is one of our more popular products and today we’re happy to announce another quick feature that is coming.
October 1st: You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
ExchangeDefender Corporate Encryption has an alternate [ENCRYPT] flag that can allow the users to encrypt messages on demand and require the recipient to enroll in the ExchangeDefender Corporate Encryption in order to access the message. Enrollment process is quick and simple and requires the recipient to provide their name and phone number along with a selection of a password and a 4 digit PIN. This additional security step is put in place to eliminate man in the middle attacks where a hacker may have compromised the firewall, disgruntled employee is trying to spy on inbound mail, or a variety of other threatening issues. It is the ultimate layer of protection because PIN is only known to the user.
If you support ExchangeDefender Corporate Encryption, you’re going to like this feature a lot because you’ve likely had to deal with the inevitable case of a recipient forgetting both their password and their PIN. Since we have no way to verify the users identity, we’ve always processed reset requests manually. Now, this process is automated.
Just go to admin.exchangedefender.com and login as the domain administrator. If you subscribe to Corporate Encryption you will see it under the Configuration menu. Simply type in the recipients email address and their account at ExchangeDefender will be reset allowing them to enroll again.
As a security precaution, they will not be able to see emails sent to them prior to the enrollment period – only new messages after they have created their account. On the backend, there are additional checks in order to make sure that this is actually a user that receives email from your domain, etc, etc so we don’t open the door to a malicious ExchangeDefender client attempting to reset accounts of unknown contacts. Obviously there is far more going on in the background that we cannot disclose in a blog post but if you’re interested in the technology, we have patents pending on several of these and would be happy to discuss privately.
There you have it, October 1st. Another cool feature that will save a lot of time for our users while keeping everyone just a little bit safer. We’re adding more features all over the place so please stay tuned to our blog and our Facebook page.
ExchangeDefender Encryption Positioning
Email encryption is on the rise, ExchangeDefender offers two types of encryption.
Corporate Encryption
ExchangeDefender Encryption (Corporate Encryption) has been one of our hottest products for years, the demand for it is fueled by daily news of exploits, hacking, data theft and so on. Just last night, one of the largest retailers in the world was exploited and for over a month hackers stole credit cards and client information. This sort of daily reporting is creating an unprecedented demand for encryption products, with Let’s Encrypt becoming the largest SSL certificate issuer on the planet.
One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected.
When it comes to email encryption things get a bit more confusing, complicated, fragmented and unclear. One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected. Whether you’re the sender or the recipient. Unfortunately, email alone isn’t secure enough by design and <big deal>it is the most exploited and hacked medium available.</bigdeal> . Why hack a bank when I can hack your mailbox and get all your accounts, credentials, reset mechanisms, notes, private information and more?
This is where ExchangeDefender, and ExchangeDefender Encryption, become such a big deal and such a valuable <i>service</i> for your business. You can exchange emails back and forth securely, without installing any software, without requiring the recipient to install any software. Your still use your same email program, desktop, mobile phone, tablet – but your information goes from point to point in an encrypted and protected process. Not just that but you get things you typically can’t get from IT – knowing when the message was was received, when it was read, how many times it’s been read, and you get a reply in the same secure way.
Request your complimentary branded marketing collateral. Looking for something else? Give us your feedback.
It’s clear to see how easy and essential selling ExchangeDefender Encryption is: but you can’t show up empty handed. We have marketing collateral available for our partners – Click on the PDF to download.
ExchangeDefender Introduces New SPAM Reports
SPAM Email Reports
ExchangeDefender SPAM Email Reports remain one of our most popular features and after nearly 6 years since the last major revision we’re looking to improve both the value and the functionality. For many of our end users, ExchangeDefender is the sole provider of cyber security training and information – so the responsibility of better educating our clients on the threats they are likely to face via email and web is crucial.
Then there is the look and feel of it. White collar workforce has largely gone away from dual monitor configurations to smaller portable devices on which users don’t spend the whole day in Outlook – so our email reports that were designed for the Microsoft desktop era needed a little face lift.
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
– New reports feature “friendly” From addresses, instead of the actual From: line we’ve always used.
– Contrast has been improved as well as spacing, so finding information in the email is much simpler.
– Font size, padding, colors, etc has been modernized as well, allowing the report to look amazing on both small phone screens and large wide-screen computer displays.
On the backend, our reports and email release requests are starting to embed our support at the point of release, making sure our end users get exactly what they are expecting right away. If the message isn’t displaying correctly, or if it cannot be located, or if the message is continuously ending up in the SPAM quarantine even though the user believes they whitelisted it (99.999999999% they whitelist the disposable from tracking email which changes every time a message is sent, instead of whitelisting the domain) – our support will be there to assist them immediately without picking up a phone, without opening up a support ticket, without escalating it to the office manager or creating additional work. On demand service #ftw.
Our mission to help protect our clients from dangerous and malicious content also has to account for threats before they become problems – which is why we’re investing in training and info collateral aimed at the users so they are aware of new ways hackers are trying to exploit them. This info will be featured prominently in the service and we will cover it in detail as we ramp up production but for the time being we understand our end users have limited time and limited interest in what is going on in the world of cyber crime – so we will limit our content to 140 characters and feature relevant stuff only, nothing commercial.
If you have any suggestions or ideas for our Email SPAM Reports, please do not hesitate to let us know.
ExchangeDefender Corporate Encryption: New Features
ExchangeDefender Corporate Encryption
ExchangeDefender Corporate Encryption now allows you to send encrypted attachments and share files securely from any device, even many of you that aren’t on Microsoft Outlook/Exchange. It was one of the more popular parts of the webinar we held yesterday (hope you had a chance to attend it, you can watch it anytime in our secure portal at https://support.ownwebnow.com)
ExchangeDefender Corporate Encryption was designed to eliminate the pain point of traditional key-based email encryption: too much software, too much management, exchange of public keys, software deployment, and more. It also eliminates the complaints about cloud based solutions that are often clunky, unfriendly, not to mention expensive. ExchangeDefender Corporate Encryption is none of those: it is friendly, affordable, requires no additional software or hardware.
And as of this week, it allows the sender and the recipient to exchange attachments so that the content is encrypted in both directions. Furthermore, because it is cloud based, you can resume work when you get back to your desk. The upgrades to the UI allow you to quickly see new messages, respond to them, or forward them elsewhere. It is truly turning into a highly secure, policy-based, email solution for businesses that require compliance and content security.
We’ve also made the UI more friendly by putting actions on top of the page so that it resembles popular webmail products end users have gotten used to for over a decade. Attachments are a lot more prominent and go both ways: not only can you send them, but when the recipient logs into our portal to reply they can attach anything they want to in response as well – assuring that content is protected and encrypted at all times.
ExchangeDefender SMTP Headers
ExchangeDefender mail flow and email analysis troubleshooting is at times a long and difficult process that has been automated through our admin portal at https://admin.exchangedefender.com. We realize that it’s not an option for some of our end users and new MSPs so we often get tickets in our support portal asking us why a certain message got delayed, rejected, classified as SPAM or allowed to get through if it had SPAM content, etc.
In order to troubleshoot an issue with a specific message we always ask for SMTP headers. The following blog post will help you find them in Outlook Web App, Outlook 2013 and Outlook 2016.
Outlook Web App
From the message listing, right click on the message and select “View Message Details”:
You will see Message details screen. Copy and paste it in the ticket and we can help you with the rest.
Outlook 2013 / Outlook 2016
From the message listing double click on the message so it pops up in it’s own Outlook window.
Then click on File and you will be shown the message file options:
Click on Properties and you will see the SMTP headers. Copy and paste it in the ticket and we can help you with the rest.
Important: Please copy and paste the contents of the screen into our support ticket instead of taking a screenshot. Sometimes the SMTP headers contain characters that are very similar (qf9mfIlI1IlI) and it can take a lot longer to locate the message rather than having a specific text search.
What happens next is that our team is able to locate the specific message in our database and then with that data do further analysis using the node that processed the message and look at all the logs generated by hundreds of different services that are analyzing every message for dangerous content.